What's the point of op CLI when it has all-of-nothing access to my vault?
Hey,
I want to use the CLI to avoid mundane tasks and reduce attack surface. For this reason, I set up authentication for gh using op plugin init gh. As expected, running gh in a new terminal now prompts for access, but this unlocks the entire vault to the shell session, not just the GitHub PAT. Why can't access be limited to the GitHub PAT item like with the SSH keys in the agent? The current behavior gives me no benefit over setting the GH_TOKEN environment variable, in fact, it just exposes my passwords for exfiltration.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided
1