Using 1Password CLI to login to OPNsense with concatenated OTP codes

The OPNsense router/firewall is the cornerstone of my Homelab. I love it to death, but the one thing that annoys me about it is how it implements two-factor authentication on the admin console login page.

In order to login to the admin console using a one-time password token (OTP), you first need to concatenate the OTP code with the actual password, and then enter it into the normal Password field. I also have the same annoyance with my account.

This is a bit cumbersome when using a password manager like 1Password, which can auto-fill both passwords and OTP codes into a login page. You first have to manually copy the OTP code to your clipboard, paste it into the field, then go back and do the same for the password, and then hope that you get it all in before the OTP code expires!

I submitted a feature request to the 1Password development team to allow for a special “dynamic password” field that can concatenate selected fields from the 1Password vault item, and then use the concatenated results to auto fill a specific password field on a page. I got a lot of positive responses from users in regards to my mock-up of this idea, but unfortunately the 1Password development team considers this to be an edge case, and said that accommodating this feature is not on their roadmap for the near future.

Fortunately, 1Password has a command-line tool that can be used to build your own solutions to “edge case” workflows like this. In this video, I show how I use the 1Password CLI in conjunction with Keyboard Maestro to automatically concatenate my OPNsense password with the OTP code.

You can also download the Keyboard Maestro macro from my Github repo.