Forum Discussion
ddlawson
17 days ago
New Contributor
1Password Environments Beta is awesome
Just wanted to drop some feedback after playing around with the new Environments Beta in 1Password. Honestly, I’m loving it so far. The local .env file mounting is just brilliant. Secrets are easy to...
chris__hayes
3 days ago
Occasional Contributor
I just tried it out too and also find it pretty cool. Jumped on the forum to see if people are preferring it over the commands.
The positives:
- Easy to use and `.env` files "just work".
- Reduces attack surface to only `.env` files you're actively using.
- None of the quirks of running commands through `op run`.
The negatives:
- While it does reduce the attack surface, imo your secrets are a lot more exposed compared to `op run`.
And that last point is the reason why I probably won't use Environments.
- `op run` limits your secret access to the command you ran it on (like only your dev server).
- Environments do not limit secret access; once you allow an `.env` to be readable, anything running on your system can now read those secrets.
I imagine that's "good enough" for most people, but having lost a key I'm a bit too paranoid to allow API keys outside the specific process I grant it to.
But with that said, I enjoyed trying it out; `op run` is a pain on monorepos. One thing that could be improved:
- If your env files have "Secret References", 1Pass Environments doesn't seem to handle those. It just imports the reference as the value of the env variable; I would've expected it to replace the reference with the value. Or even better if it could just "link" the env value to a field via "Secret Reference" that would reduce the redundancy of having API keys in both Environments and as separate API credential entries.
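An added example, not part of the post above and not 1Password code: a small audit that sorts the entries of a `.env` file into `op://` secret references (resolved only when a command is run through `op run`) and literal values that sit on disk in plaintext. The function names, the reference pattern (three or four path segments) and the sample file are assumptions constructed for this illustration.

```python
import re

# Secret reference shape: op://<vault>/<item>/[<section>/]<field>
REF_RE = re.compile(r"^op://[^/]+/[^/]+(?:/[^/]+){1,2}$")
LINE_RE = re.compile(r"^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$")

# Constructed sample .env (all names and values are made up for this example).
SAMPLE_ENV = """\
# constructed sample
DATABASE_URL="op://dev/postgres/connection-string"
export STRIPE_KEY=op://dev/stripe/api/secret-key
SENDGRID_KEY=constructed-placeholder-not-a-real-key
DEBUG=
BROKEN=op://dev/stripe
PORT=3000  # local port
"""

def parse_env(text):
    """Yield (name, value) pairs from dotenv-style text."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # not a NAME=value line
        name, value = m.group(1), m.group(2).strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]  # strip matching quotes
        else:
            value = re.sub(r"\s+#.*$", "", value)  # drop trailing comment
        yield name, value

def classify(text):
    """Group variable names by what their value is."""
    groups = {"reference": [], "malformed_reference": [], "literal": [], "empty": []}
    for name, value in parse_env(text):
        if not value:
            groups["empty"].append(name)
        elif REF_RE.match(value):
            groups["reference"].append(name)
        elif value.startswith("op://"):
            groups["malformed_reference"].append(name)
        else:
            groups["literal"].append(name)  # plaintext on disk; review it
    return groups

if __name__ == "__main__":
    for kind, names in classify(SAMPLE_ENV).items():
        print(f"{kind}: {', '.join(names) or '-'}")
```

Names reported under `literal` are not necessarily secrets (`PORT` here is not), but they are the only entries whose values any process able to read the file can see.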