Feedback regarding `op signin`, `eval`, and complexity around managing session(s)

nnutter
nnutter
Community Member
in CLI
  • I feel like it must be that many of your users use only one account so the need to explicitly run op signin shorthand and the use of eval seem very clunky.
  • It seems like you should be able to specify a default account and/or assume the account when there is only one in ~/.op/config.
  • It seems like you could store session tokens for each account name/ID in ~/.op/ and query all accounts.
  • It seems like you could automatically trigger a signin for an expired token and explicitly remove the session token when signing out to avoid auto-signin.

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • cohix
    cohix
    1Password Alumni

    @nnutter Glad to see you're taking an interest in the tool! I'll hit each of your points:

    • It's a good idea that when only one account exists we should allow people to omit the account shorthand
    • The token in the environment variable is not your session token, it is a random key. The session information is stored in an encrypted file in your OS's temp directory. We need to have a layer of encryption there to ensure that your session token is never stored on disk in plaintext in any way.
    • We do automatically clean up old session files that have expired

    Let me know if you have any other questions!

This discussion has been closed.