This is kind of a far out there suggestion, and so I know unlikely, but one challenge with op run when protecting secrets with it is remembering to use it. For example, I am protecting my Linode API token in 1Password and referencing it in an environment variable, but many times forget to preface linode-cli ... with the requisite op run command the first time I try something in a given session. What if there could be some form of integration into shells that would always check for the secrets reference syntax and replace those with data from 1Password items? By its nature of needing shell config modifications this'd be opt-in, but may be worth considering. I do like that I can use 1Password to protect secrets needed on the command line, but I just find myself forgetting that I've done this, especially if I'm pasting in a command from documentation or other sources. I don't see any hint of this in the CLI 2 docs, so wanted to at least make the feature suggestion.

1Password Version: 8.6.0-43.BETA
\nExtension Version: 2.2.3
\nOS Version: macOS 12.2.1

This is kind of a far out there suggestion, and so I know unlikely, but one challenge with op run when protecting secrets with it is remembering to use it. For example, I am protecting my Linode API token in 1Password and referencing it in an environment variable, but many times forget to preface linode-cli ... with the requisite op run command the first time I try something in a given session. What if there could be some form of integration into shells that would always check for the secrets reference syntax and replace those with data from 1Password items? By its nature of needing shell config modifications this'd be opt-in, but may be worth considering. I do like that I can use 1Password to protect secrets needed on the command line, but I just find myself forgetting that I've done this, especially if I'm pasting in a command from documentation or other sources. I don't see any hint of this in the CLI 2 docs, so wanted to at least make the feature suggestion.

1Password Version: 8.6.0-43.BETA
\nExtension Version: 2.2.3
\nOS Version: macOS 12.2.1

Good to hear @alexclst

We also have an upcoming command called op shell which instantiates a shell with all the secrets loaded as well. If you ran the linode command in it, I believe that it would run with all the secrets resolved.

Hope you give this feature a try when it releases!

That isn't a bad idea. Honestly, for Linode I'd already aliased \"linode\" to it as I kinda don't like that the command is actually \"linode-cli\" (or any command that has \"cli\" in its name).

Also, for anyone else who sees this thread, as I use Fish the way to do this sort of thing there is best to use fish_config and add the abbreviation in the web interface.

Hey @alexclst,

Thank you for trying out the CLI beta. We really appreciate it.

One way that may help to no longer forget adding op run before any linode-cli command is to make an alias:


\nalias linode-cli=\"op run -- linode-cli\"
\n

You can store your Linode API token environment variable in a file (e.g. in ~/.op/linode-cli and then the alias would be like this:
\n
\nalias linode-cli=\"op run --env-file ~/.op/linode-cli -- linode-cli\"
\n

You can add this to your terminal's profile so that the alias works for all terminals that will be opened:

For Bash

\n

1. Open a new terminal and open up .bash_profile:
   \n
\nnano .bash_profile
\n

\n

2. Add the alias at the end of the file:
   \n
\nalias linode-cli=\"op run --env-file ~/.op/linode-cli -- linode-cli\"
\n

\n

3. Save the file with 'control+o', then exit with 'control+x'.

\n

4. Refresh the shell environment:
   \n
\nsource ~/.bash_profile
\n

\n

For Zsh

\n

1. Open a new terminal and open up .bash_profile:
   \n
\nnano .zshrc
\n

\n

2. Add the alias at the end of the file:
   \n
\nalias linode-cli=\"op run --env-file ~/.op/linode-cli -- linode-cli\"
\n

\n

3. Save the file with 'control+o', then exit with 'control+x'.

\n

4. Refresh the shell environment:
   \n
\nsource ~/.zshrc
\n

\n

Does this suggestion work for you? Let us know and we're glad to help you out more!

Feel free to reach out to us with any other feedback that you have to improve the CLI as well!