Forum Discussion

thecatfix
Dedicated Contributor
1 month ago

Credential theft via NPM

1P_Blake and 1P_Dave I think this is a great topic but a five-alarm fire is happening right now with credential theft via npm. I think that you need to have an all hands on meeting about how to promote the credential injection feature that all 1Password customers can use. My .zshrc file and .envrc file now use the op read syntax. It took me months to learn but I finally have it. This is a topic that needs to be drilled into EVERYONE'S head as more people start using API keys with their LLM providers. This is your moment... It's go time for 1Password... You have a solution but don't know how to explain it to non-developers.

2 Replies

  • Hi thecatfix,

    Thanks for the encouraging words!! We really appreciate it :D This is definitely where we could use some help from the community :D

    Would you be interested in penning a blog/tutorial showing how you secure your credentials from NPM theft? I'd welcome it! Post it, share, distribute it anywhere! We can highlight it and help with distribution :D

    Regards,
    Phil & Team

     

    • thecatfix
      Dedicated Contributor

      Would I be interested in writing about my hellish journey of trying to figure out how to use the 1Password CLI tools????? I don't think you want that in a public forum, 1P_Phil. Your documentation and tutorials are so mind-numbingly confusing that I just had to re-write everything b/c I was using op read instead of op run. I would rather chew glass than go thru the experience of setting up a service account. I had to figure out wtf was the difference btwn a plugin, connect server, service account AND THEN what variables do I export... does it work with the desktop app. THE BEST PART is your Overview and Introduction For Shell Plugins

      https://youtu.be/Hq5iQtM6a_w?si=FpO76fZMwlBUqgq1

      IS A RECORDED FAILED DEMO. 

      I had to watch countless hours of YouTube tutorials TO GET IT TO WORK hahahahahahahahah