Created
November 27, 2025 18:47
-
-
Save jbinto/e5e584914e3038488ac750a4a7e4aabd to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # with1p proof of concept, 20251127 | |
| with1p() { | |
| # Usage: with1p VAR[=SECRET_NAME] [VAR2[=SECRET_NAME2] ...] -- command [args...] | |
| if [[ $# -lt 2 ]]; then | |
| echo "Usage: with1p VAR[=SECRET_NAME] [VAR2[=SECRET_NAME2] ...] -- command [args...]" >&2 | |
| return 1 | |
| fi | |
| local specs=() | |
| # Collect VAR / VAR=SECRET_NAME until we hit -- | |
| while [[ $# -gt 0 && "$1" != "--" ]]; do | |
| specs+=("$1") | |
| shift | |
| done | |
| # Skip the -- | |
| if [[ "$1" == "--" ]]; then | |
| shift | |
| fi | |
| if [[ $# -eq 0 ]]; then | |
| echo "with1p: missing command after --" >&2 | |
| return 1 | |
| fi | |
| local env_cmd=() | |
| local spec env_name secret_name ref | |
| for spec in "${specs[@]}"; do | |
| if [[ "$spec" == *=* ]]; then | |
| env_name=${spec%%=*} | |
| secret_name=${spec#*=} | |
| else | |
| env_name=$spec | |
| secret_name=$spec | |
| fi | |
| ref="op://tokens/$secret_name/credential" | |
| env_cmd+=("$env_name=$ref") | |
| done | |
| # env VAR1=... VAR2=... op run -- command args... | |
| env "${env_cmd[@]}" op run -- "$@" | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment