aws cli works but aws sam cli doesn't
Has anyone had success in using the AWS SAM (Serverless Application Model) cli with the 1Password cli support?
On Kubuntu 22, my terminal commands to the aws cli plugin succeed (due to the 1P secret references in my .aws config file) but commands to AWS's sam cli plugin, such as sam deploy -g fail with errors like this:
Error: Failed to create managed resources: An error occurred (IncompleteSignature) when calling the CreateChangeSet operation: 'key' not a valid key=value pair (missing equal-sign) in Authorization header: 'AWS4-HMAC-SHA256 Credential="op://Private/[omitted]/Security/access key id"/20240411/us-west-2/cloudformation/aws4_request, SignedHeaders=content-type;host;x-amz-date, Signature=[omitted]'.
It seems that the secret reference is not being dereferenced.
I've noticed this happens sometimes when my aws cli or 1P session has expired. Is there a way to trigger a refresh just before making a sam call? Googling "1password cli trigger refresh" results in no good match.
$ op --version
2.26.1
$ aws --version
aws-cli/2.15.33 Python/3.11.8 Linux/6.5.0-27-generic exe/x86_64.ubuntu.22 prompt/off
$ sam --version
SAM CLI, version 1.114.0
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided