Signing back into the Community for the first time? You'll need to reset your password to access your account.  Find out more.

Forum Discussion

EarthAura's avatar
EarthAura
Occasional Contributor
3 months ago

What's the point of op CLI when it has all-of-nothing access to my vault?

Hey,

I want to use the CLI to avoid mundane tasks and reduce attack surface. For this reason, I set up authentication for gh using op plugin init gh. As expected, running gh in a new terminal now prompts for access, but this unlocks the entire vault to the shell session, not just the GitHub PAT. Why can't access be limited to the GitHub PAT item like with the SSH keys in the agent? The current behavior gives me no benefit over setting the GH_TOKEN environment variable, in fact, it just exposes my passwords for exfiltration.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

No RepliesBe the first to reply