op signin command has an immensely useful functionality:
You can use the `--session` option with the `signin` command to reuse an active token or to test whether a session has expired. This may be useful when writing scripts that use the command-line tool. If the session is active, the tool will use it and return the same token. If the session is expired, you’ll have to sign in again.
However, as Michael pointed out in https://1password.community/discussion/123986/command-line-tool-v1-12-2-op-create-item-template-file-json it is insecure to provide secrets on the command-line. For example, in shared and cloud environments there's a risk of other users seeing the session token through
ps or the token making its way to audit logs.
With that in mind, it would be fantastic if the token reuse functionality was usable with the session token in an environmental variable. I see two possible approaches:
1. Change the default behavior of
op signin (without
--session parameter) to reuse the existing session token by default. Add a new parameter e.g.
--new-session to force a new sign-in.
2. Leave the current default behavior as it is, add a
--reuse parameter to tell the CLI to try reusing the token from env.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided