G'day. I'm evaluating if I can safely use the op cli to access secrets on a system that is not fully under my control. The main sticking point is that command line arguments and environment variables are visible to more or less anyone who asks nicely. So, passing the session token on the command line, or as an environment variable, means I need to assume it can be leaked.
Which brings me to my question: what does that token grant access to? I get the impression that it would allow anyone holding the token to download the encrypted vault file, but nothing more. I'd like, of course, to confirm that. Please correct anything I have wrong here about holding the op(1) session token, but no other information:
Is that all correct? Is there anything I missed to be aware of?
The specific "threat model" here is that the company capture some information about all processes executed, as part of defending against internal and external attackers, especially APT attackers and "zero day" malware. That can include environment variables and command line arguments – so would potentially leak my session token.
What I'm not trying to prevent is the "insider risk" of someone being able to read keyboard input, process output, or process memory holding the decrypted passwords. I simply want to understand what the risk of a leaked session token is, so I can factor that into the overall picture of risk here.
note: I gave the platform below, but this is also applicable to the CLI on windows and linux, if I want to run them there, I'd assume.
1Password Version: op 1.8.0
Extension Version: Not Provided
OS Version: macOS 10.15.7
Sync Type: 1password account