OpenTofu stops asking for TouchID after a while and hangs when running `plan`

[sondr3]

Your environment

❯ tofu -version
OpenTofu v1.11.5
on darwin_arm64
+ provider registry.opentofu.org/1password/onepassword v3.2.1
+ provider registry.opentofu.org/hashicorp/local v2.7.0
+ provider registry.opentofu.org/hetznercloud/hcloud v1.60.1
+ provider registry.opentofu.org/linode/linode v3.9.0
+ provider registry.opentofu.org/ovh/ovh v2.11.0
+ provider registry.opentofu.org/poseidon/ct v0.14.0

1Password for Mac 8.12.6 (81206031)

OS:

macos 26.2 (25C56)

Terraform Version:

OpenTofu v1.11.5

What happened?

1. Run tofu plan a few times, it asks for TouchID to read a data "onepassword_item" "foo" {} block
2. Unsure if it happens after my screen locks or just a set time-out, but wait a bit
3. Now it gets stuck and loops forever waiting for the onepassword_item

trace logs

2026-03-01T20:33:46.900+0100 [TRACE] dag/walk: vertex "data.onepassword_item.foo (expand)" is waiting for "provider[\"registry.opentofu.org/1password/onepassword\"]"
2026-03-01T20:33:46.900+0100 [TRACE] dag/walk: vertex "data.ct_config.hetzner (expand)" is waiting for "data.onepassword_item.foo (expand)"
2026-03-01T20:33:46.900+0100 [TRACE] dag/walk: vertex "hcloud_server.this (expand)" is waiting for "hcloud_ssh_key.this (expand)"
2026-03-01T20:33:46.900+0100 [TRACE] dag/walk: vertex "provider[\"registry.opentofu.org/1password/onepassword\"] (close)" is waiting for "data.onepassword_item.foo (expand)"

What did you expect to happen?

The TouchID dialog to pop up

Steps to reproduce

I can't really easily share this, but this is essentially what's looping

data "onepassword_item" "foo" {
  vault = "123456"
  uuid  = "abcdefg"
}

resource "hcloud_ssh_key" "this" {
  public_key = data.onepassword_item.foo.foo
}

resource "hcloud_server" "this" {
  ssh_keys           = [hcloud_ssh_key.foo.id]
}

[JillRegan]

Hey @sondr3 👋

It sounds like this could be the desktop app session expiring, which might be causing the hang. Can you try opening the 1Password app and making sure it’s unlocked, then run tofu plan again. Does that fix it?

[sondr3]

I've tried force quitting it, locking and unlocking, restarting and even reinstalled it and yet it consistently ends up in a state where it hangs and loops. Not sure whether it's the app or provider, but since it persisted across so many variations I thought to start here 😅

[JillRegan]

I suspect it is an issue with the app given it works the first few times for you, I also tried running terraform plan several times myself using desktop auth and everything seemed okay. 🤔

What version of the app are you running and are you using nightly, beta, or production? You can find this under Settings > About

[zpetterd]

To add to the version information. I'm encountering this issue, with the folowing versions

• 1Password App: 1Password for Mac 8.12.10 (81210007)(Nightly)
• OpenTofu version: 1.11.5
• 1Password provider version: 3.2.1
• Mac OS: 26.3.1 (25D2128)

My desktop app session is often still valid, when I encounter this issue. If I restart the desktop app, then I get prompted correctly.

[andrewhharmon]

I experience this constantly as well after upgrading to 1pw tf provider 3 and the sdk. I'm using terraform, not open tofu. I'l run terraform plan/apply and it'll start planning and then just hang, it never prompts me to finger scan to unlock 1pass. If I quite 1pass, the terraform plan errors. I restart 1pass and terraform plan again and it prompts me for finger print. So it def seems to be something in the 1 password app that gets stuck, like it can't respond to the sdk request. I did sleep my laptop and wake, and that did NOT seem to cause the issue. not sure what makes it fall into this state.

• 1Password for Mac 8.12.5 (81205001)
• Terraform v1.13.4on darwin_arm64
• provider registry.terraform.io/1password/onepassword v3.2.1
• Mac OS: Tahoe 26.3

Note: there is a more recent 1pass desktop app, I'll update and see if that helps
Note2: even when it does work, it asks for finger print twice, once at plan and once at apply, it would be nice if it could kinda persist that session so it only asks once.

[JillRegan]

Hey all! Just wanted to update here. This seems to be an issue with desktop auth for the 1Password SDK. We are currently investigating and will report back once we know more 👍

[garbelini]

@JillRegan Any workaround while we wait?

[patrickdebruijn]

Any updates regarding this issues?

[sdjelassimoussa-bs]

Any update ?

[JillRegan]

Hi all, sorry for the delay I was away for a few weeks and just getting caught up on things. I brought this up to the team today and it looks like the fix was shipped with the latest release (8.12.12)! Updating should fix the problem, are any of you still facing this issue at all with the latest version?