How can I prevent to authenticate constantly to retrieve secrets ?

mikaellDid you ever figure this out?  Can you give some hints on how you implemented it?

I just started doing this myself, replacing hard-coded secrets in my .zshrc in macOS.  In my case, it's an API token I use regularly in shell functions which contain calls to `curl`.  For now, this is just a pilot.

I only have one call to the `op` v2 CLI tool, and it looks like this:

export TOKEN="$(op item get 'my API token' --fields label=credential)"

This works great by itself.  The problem I have is I have a fairly complex environment in my terminal emulator.  I rely on the tmux terminal multiplexer, and I make use of the tmux-resurrect plugin to automatically spin up my entire tmux environment if the tmux server isn't running (mostly, after reboot).

tmux-resurrect will spin up a number of sessions, each containing one or more windows, and several (not all) windows will have more than one pane.  In each pane will be a separate instance of zsh, and this is where I run into the problem.

When tmux is spinning up my environment, I appear to get prompted to authenticate every instance of zsh.  I use biometric/fingerprint authentication, so it's not a huge deal, but I have to click through several (10+) 1Password biometric authentication prompts before they're all authenticated.  Also, it's not unheard of for me to spin up another session, window or pane, and any new zsh instance also needs to be authenticated (even if others have already been authenticated recently).

I did see where I can disable app integration and use the session key in an environment variable, but that seems awfully hacky and not really what I'd want.  I'm thinking of maybe setting these `op` calls in a tmux environment variable instead, so the retrieval of my secrets will only happen once when the tmux server spins up. 

That will likely be my solution, but how did you do it?