secrets.resolve_all includes archived items #180

@mg-oerp

Scenario & Reproduction Steps

By default secrets.resolve works as expected (ignores archived records with the same name), but resolve_all seems to include archived items.

Setup:

  1. Create an API user with the appropriate permissions needed for this and put the appropriate token in the .env file.
  2. Create a vault with two records in it, one named Bug_ArchivedItems and one named Bug_noArchivedItems, and for the username put test_user in both records.
  3. Run the code that is below; the expected results happen and you get both values correctly.
  4. Archive the record named Bug_ArchivedItems.
  5. Create a new record with the name Bug_ArchivedItems, add in the username of test_user and save it.
  6. Re-run the code below and you will now get an error type=<ResolveReferenceErrorTypes.TOO_MANY_ITEMS: 'tooManyItems'>

Code to reproduce (please excuse the terrible code, I just cobbled pieces together from an existing project to reference in this issue but hopefully it's enough). Standard resolve seems to ignore archived items by default but resolve_all does not.

from onepassword.client import Client as onepass # type: ignore
import asyncio
import os

import dotenv # type: ignore

# Load OP_SERVICE_ACCOUNT_TOKEN from the .env file
dotenv.load_dotenv()

async def main(data):
    optoken = os.getenv("OP_SERVICE_ACCOUNT_TOKEN")
    opclient = await onepass.authenticate(auth=optoken, integration_name="my name", integration_version="0.0.1")
    # Resolve every reference in one batch call
    secrets = await opclient.secrets.resolve_all(data)
    for k, v in secrets.individual_responses.items():
        if v.error:
            print(f"{k}: {v.error}")
        else:
            print(f"{k}: {v.content.secret}")

# No archived item shares this name: resolves correctly
asyncio.run(main(["op://opi/Bug_noArchivedItems/username"]))

# An archived item shares this name: returns tooManyItems
asyncio.run(main(["op://opi/Bug_ArchivedItems/username"]))

Actual Behavior

op://opi/Bug_noArchivedItems/username: test_user
op://opi/Bug_ArchivedItems/username: type=<ResolveReferenceErrorTypes.TOO_MANY_ITEMS: 'tooManyItems'>

Expected Behavior

op://opi/Bug_noArchivedItems/username: test_user
op://opi/Bug_ArchivedItems/username: test_user

SDK version

onepassword-sdk 0.3.1

Additional information

Ideally they should behave the same, or at the very least we should have a documented option to make them work the same.
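
A client-side workaround for the behaviour reported above, as an added example that is not part of the original issue or the SDK: it retries only the references that failed with tooManyItems through secrets.resolve, which the report says ignores archived items, and leaves every other error untouched. FakeSecrets, the op://opi/Missing/username reference and the constructedOtherError value are constructed stand-ins so the block runs offline; the response shape (individual_responses, content.secret, error.type) is taken from the code and output in the issue.

```python
import asyncio
from types import SimpleNamespace as NS

TOO_MANY_ITEMS = "tooManyItems"  # enum value printed in the issue's error output

async def resolve_all_with_fallback(client, refs):
    """Batch-resolve refs; retry only tooManyItems failures one by one."""
    batch = await client.secrets.resolve_all(refs)
    secrets, errors = {}, {}
    for ref, resp in batch.individual_responses.items():
        if not resp.error:
            secrets[ref] = resp.content.secret
            continue
        kind = getattr(resp.error, "type", None)
        if getattr(kind, "value", kind) != TOO_MANY_ITEMS:
            errors[ref] = resp.error  # unrelated failure: never mask it
            continue
        try:
            # Per the report, resolve() skips archived items with the same name.
            secrets[ref] = await client.secrets.resolve(ref)
        except Exception as exc:  # still ambiguous, e.g. two live items share a name
            errors[ref] = exc
    return secrets, errors

class FakeSecrets:
    """Constructed stand-in for client.secrets, mimicking the reported behaviour."""
    live = {"op://opi/Bug_noArchivedItems/username": "test_user",
            "op://opi/Bug_ArchivedItems/username": "test_user"}
    shadowed = {"op://opi/Bug_ArchivedItems/username"}  # has an archived namesake

    async def resolve(self, ref):
        return self.live[ref]

    async def resolve_all(self, refs):
        out = {}
        for r in refs:
            if r in self.shadowed:
                err = NS(type=NS(value=TOO_MANY_ITEMS))
            elif r in self.live:
                err = None
            else:
                err = NS(type=NS(value="constructedOtherError"))
            content = None if err else NS(secret=self.live[r])
            out[r] = NS(content=content, error=err)
        return NS(individual_responses=out)

def demo():
    refs = list(FakeSecrets.live) + ["op://opi/Missing/username"]  # last ref is constructed
    return asyncio.run(resolve_all_with_fallback(NS(secrets=FakeSecrets()), refs))
```

With the real SDK, pass the client returned by Client.authenticate in place of the stand-in, and log only the keys of the returned errors, never the resolved values.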

Labels: bug
