.env accessed?: Lesson learned from a drained crypto wallet

Yeah, I had a similar thing happen in relation to leaking my `OPENAI_API_KEY`. Might've been this: https://socket.dev/blog/npm-is-package-hijacked-in-expanding-supply-chain-attack

If it really was that trojan, I could've lost SSH keys as well. But, luckily was already using 1Password for everything SSH.

Got me to move my env vars into 1Password in conjunction with 1Password CLI's `op read`. Set up aliases on CLI tools that need a env variable, to have 1Password load the env var first. This avoids a 1Password prompt every time you pop open a terminal.

Considering more people are going to look to 1Password to more securely store their local env vars, please consider fixing this issue - "Copy secret reference" inconsistent behavior/bugs | 1Password Community.

Honestly, with the security of your device, it's impossible to personally verify the security of everything you install. With the amount of trust involved, it seems better to prepare your damage limitation than to believe an air tight solution is possible.