--reveal is NOT an improvement, but a BREAKING CHANGE
The new mandatory --reveal flag added in 2.30.0 for "op item get" is breaking my shell scripts that use "op item get --vault=$vault --field=password -- $item".
If I'm asking for an item, especially with a specific field, of course I want to get the secret value. My shell scripts are now all broken as I have to add --reveal everywhere.
In my shell scripts, the output of op is redirected, so it doesn't leak to the terminal output. Requiring --reveal for that case is just insane.
Instead, I suggest to fix op to require the --reveal flag only if the output (STDOUT) is a terminal (TTY). That would still block from leaking to bad eyes looking at the terminal, but remove the breaking change for most automation use cases.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided
Comments
-
Amen.
This broke https://github.com/razorsedge/terraform-credentials-op and had me blaming the TFC admin for several days instead of looking at
op.0 -
OMG! I just discovered the --reveal requirement when a script failed today.
I looked at saved output from some other scripts and this first happened to me on 9/12/2023?
I should be paying more attention to the output of my scripts and/or looking at the release notes.
0 -
Am I correct that this does not affect
op item get --format=json?0 -
Correct, at least in my project when retrieving an entire item.
1
