The irony of a security improvement which is equally insecure
I have an issue with the improvement detailed in the 1.12.2 CLI update: https://1password.community/discussion/123986/command-line-tool-v1-12-2-op-create-item-template-file-json
Micheal mentions that the op encode command is now officially deprecated and will be removed in future versions of the CLI. The reasoning is that "Passing your about-to-be-created vault item details to op as a command-line argument is insecure". Now I agree that is the case, because of the further mentioned "other users or processes to see the arguments that are passed to any program, which means that they would be able to see your vault item details for the window that op create item is running".
That's all well and good, however there's an irony in remplacing this insecure method with another insecure method. One could argue that between the two, a file import is less insecure that command line parameters which could be logged, however it is incorrect to think that a file import is "secure".
Unencrypted files are inherently insecure. Even temporary files remain inherently insecure as any deleted files can be easily recovered.
Please consider adding stdin as an input method to op create item in the same way that stdin can be used with op create document. Something as simple as a single dash such as op create item Login - could work as a syntax just as it does with op create document. This would give an alternative that doesn't require the creation of insecure plain text files while also eliminating logging of the command line arguments.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
