[62] Automatic login and session management
Sorry, this might be a not so well structured feedback. I just want to share the slight annoyance I'm having with expiring sessions on my daily workflows.
As said in https://1password.community/discussion/126437/16-17-20-support-for-both-versions-in-scripts, I mostly use the CLI with direnv. (And occasionally with Ansible Vault, and some other use cases.) With my workflow with multiple tmux panes and constant directory changes, I end up more often than not with an error of invalid OP session. Then I have to sign in and trigger new op run.
It might indeed not be the best security practice to fetch the secrets only once when entering a directory, and store them in the env vars. (Although much better than having the secrets as plaintext on filesystem :wink:) But with op run the session issue would be even worse, as there is the hard limit for 30 minutes.
I have scripted an automatic sign-in for one use case, and I'm planning to implement it for https://github.com/tmatilai/direnv-1password, too. But I would like to know if you have any ideas about the best pattern here. Or maybe the CLI could offer more help with session management?
So the issues (which might not be easy to solve without reducing security):
1. Sessions are not global, but local to the shell session. This is of course a big security question as solving it would require storing the session token somewhere.
2. Session expires in 30 minutes. Could there be an option to reset the timer on every op usage? With a configurable max TTL.
3. Any help for the automatic sign-in? Maybe even an option to do it with any op command. This would block the command, so it should still be opt-in. Optimally the session token should somehow be delivered back to the caller or shell session so the next op command would also have it. Might be hard without #1, as STDIN/STDERR are reserved for the command output.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
