Last active
February 2, 2025 20:51
-
-
Save PurpleBooth/7e27f5c439a2cb973bbf73bdd714ff88 to your computer and use it in GitHub Desktop.
Use sops to cache the one password vault session token because op is horrible to use
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| set -euo pipefail | |
| CACHE_DIR="${XDG_CACHE_HOME:-$HOME/Library/Caches}/wrapper-1password" | |
| CACHE_FILE="$CACHE_DIR/session-token.yaml" | |
| OP_LOCATION="$(command -v op)" | |
| mkdir -p "$CACHE_DIR" | |
| function run_op() { | |
| EXEC_COMMAND=( | |
| "$OP_LOCATION" | |
| "--session" | |
| "\$data" | |
| "$@" | |
| ) | |
| sops exec-env \ | |
| "$CACHE_FILE" \ | |
| "${EXEC_COMMAND[*]}" | |
| } | |
| # Check token still valid | |
| if [ -f "$CACHE_FILE" ] ; then | |
| ERROR=$(run_op list vaults 2>&1 >/dev/null) | |
| if [[ $ERROR == *"You are not currently signed in."* ]]; then | |
| rm "$CACHE_FILE" | |
| fi | |
| fi | |
| # Login | |
| if ! [ -f "$CACHE_FILE" ] ; then | |
| op signin op-wrapper --raw | sops --encrypt /dev/stdin > "$CACHE_FILE" | |
| fi | |
| # Run original command | |
| run_op "$@" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment