A token validity test would make op more useful for scripting

1secure

I'd like to be able to embed "op" in shell scripts and shell aliases. One problem I ran into is that there isn't a simple way to determine whether a session token is valid. What I'd like to do is at the top of the script do something like:
if [ `op test vault` != "valid" ]; then eval $(op signin vault); fi
and use that in any script that needs op commands. The other alternatives have serious downsides: If we use the eval, then every script asks for password, which is too much friction. This is even more important when you think a out the fact that a script with an op command can fail mid-script, and if it had side-effects then cleanup is a pain. On the other hand if there can be a test up-front, then you are asked at the time the script is invoked.

Another trick might be to use bash/zsh aliases like this:
alias secureprog="if [ `op test vault` !== 'valid' ]; then eval $(op signin vault); fi; /path/to/secureprog"
That way if the current shell session needs to be refreshed, the shell is updated, and the program always gets a valid token

---

1Password Version: op cli 0.5.6
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:cli

1secure

Update: I saw a post from @mickael that used op get account to refresh the session. That would work for test purposes. The exit code seems to be 0 if session is valid, 1 if not signed in, and 145 if signed in but expired.
I'll use that in the interim. It would still be useful to have a test function that can determine whether the token is expired, without needing to hit your server. One simple implementation could be just appending an integer utc timestamp to the token

mickael

@1secure Maybe you could check that post and that gist

To get op credentials in scripts, I then simply do:

. "${HOME}/.bin/opsign.sh"
eval $(get1PasswordSession)

cohix

@mickael is the resident expert on optimizing the CLI for bash :)