I'm developing a little script that our CSMs use. The script connects to DB, runs some queries, and produce output for them. I'd like to use 1Password to store the credential to connect to DB. That way, the only prompting that CSM ever gets is their own 1Password, which is much easier for them. I'm feeling this is a fairly standard use case for the op CLI.
The problem I'm having is that when I run
op signin , it always prompts the user to establish a new session token. This is cumbersome. The behaviour I'd like is that the prompting only happens when there's no valid session at the moment.
saml2aws, which is a similiar tool for different services, work exactly like this.
I eventually discovered that
eval $(op signin --session "$OP_SESSION_foobar" foobar) seems to do the trick, but I find this rather unintuitive for a seemingly common use case like this. It makes a lot more sense to me that the default behaviour consults the existing session token, and for the rare situation where you want to force reauthentication, define
--force or something.
Just my 2 cents.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided