Persistent op run Rather Than Manually Calling it

Question

This is kind of a far out there suggestion, and so I know unlikely, but one challenge with op run when protecting secrets with it is remembering to use it. For example, I am protecting my Linode API token in 1Password and referencing it in an environment variable, but many times forget to preface linode-cli ... with the requisite op run command the first time I try something in a given session. What if there could be some form of integration into shells that would always check for the secrets reference syntax and replace those with data from 1Password items? By its nature of needing shell config modifications this'd be opt-in, but may be worth considering. I do like that I can use 1Password to protect secrets needed on the command line, but I just find myself forgetting that I've done this, especially if I'm pasting in a command from documentation or other sources. I don't see any hint of this in the CLI 2 docs, so wanted to at least make the feature suggestion.

1Password Version: 8.6.0-43.BETA
Extension Version: 2.2.3
OS Version: macOS 12.2.1

1Password Version: 8.6.0-43.BETA
Extension Version: 2.2.3
OS Version: macOS 12.2.1

Answer

Hey @alexclst,

Thank you for trying out the CLI beta. We really appreciate it.

One way that may help to no longer forget adding op run before any linode-cli command is to make an alias:

alias linode-cli="op run -- linode-cli"

You can store your Linode API token environment variable in a file (e.g. in ~/.op/linode-cli and then the alias would be like this:

alias linode-cli="op run --env-file ~/.op/linode-cli -- linode-cli"

You can add this to your terminal's profile so that the alias works for all terminals that will be opened:

For Bash

Open a new terminal and open up .bash_profile:

nano .bash_profile

Add the alias at the end of the file:

alias linode-cli="op run --env-file ~/.op/linode-cli -- linode-cli"

Save the file with 'control+o', then exit with 'control+x'.
Refresh the shell environment:

source ~/.bash_profile

For Zsh

Open a new terminal and open up .bash_profile:

nano .zshrc

Add the alias at the end of the file:

alias linode-cli="op run --env-file ~/.op/linode-cli -- linode-cli"

Save the file with 'control+o', then exit with 'control+x'.
Refresh the shell environment:

source ~/.zshrc

Does this suggestion work for you? Let us know and we're glad to help you out more!

Feel free to reach out to us with any other feedback that you have to improve the CLI as well!

Answer

That isn't a bad idea. Honestly, for Linode I'd already aliased "linode" to it as I kinda don't like that the command is actually "linode-cli" (or any command that has "cli" in its name).

Also, for anyone else who sees this thread, as I use Fish the way to do this sort of thing there is best to use fish_config and add the abbreviation in the web interface.

Answer

Good to hear @alexclst

We also have an upcoming command called op shell which instantiates a shell with all the secrets loaded as well. If you ran the linode command in it, I believe that it would run with all the secrets resolved.

Hope you give this feature a try when it releases!

Forum Discussion

Persistent op run Rather Than Manually Calling it

3 Replies

For Bash

For Zsh

Featured discussions

September at 1Password: Browser versions, enhanced security, and new integrations

Recent discussions

Unofficial 1Password SDK for Rust

🔊 Securing Cursor agentic development with 1Password Environments

ssh agent and ansible 12 prompting incessantly

1Password Chrome extension is incorrectly manipulating <code> blocks

Custom aliases and OpenSSH fields for SSH Bookmarks