James Neill 2025-01-09 21:51:58 +01:00 committed by GitHub
commit aabf95d2eb
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 76 additions and 0 deletions


@ -13,3 +13,55 @@ op completion zsh >| "$ZSH_CACHE_DIR/completions/_op" &|
# Load opswd function
autoload -Uz opswd
# List of commands to inject secrets into before running
OP_RUN_WRAPPER_CMDS=()
OP_RUN_WRAPPER_ORIGINAL_PROMPT=$PROMPT
OP_RUN_WRAPPER_SYMBOL="🔑"
# Currently we take a simple approach and set aliases to override each command, this could be done with functions instead
# Also ignoring the option to specify specific environment files with the `--env-file` flag
function set_op_aliases() {
for cmd in "${OP_RUN_WRAPPER_CMDS[@]}"; do
alias "$cmd"="op run -- $cmd"
done
}
function unset_op_aliases() {
for cmd in "${OP_RUN_WRAPPER_CMDS[@]}"; do
unalias "$cmd" 2>/dev/null
done
}
function set_prompt() {
OP_RUN_WRAPPER_ORIGINAL_PROMPT=$PROMPT
export PROMPT="(${OP_RUN_WRAPPER_SYMBOL}) ${PROMPT}"
}
function unset_prompt() {
export PROMPT="${OP_RUN_WRAPPER_ORIGINAL_PROMPT}"
}
function toggle_secrets_injection() {
if [[ -z "${OP_RUN_WRAPPER_CMDS[*]}" ]]; then
echo "Error: OP_RUN_WRAPPER_CMDS is empty, please update the list of commands which require secrets injection."
zle reset-prompt
return 1
fi
if [[ -z "$OP_RUN_WRAPPER_ACTIVE" ]]; then
export OP_RUN_WRAPPER_ACTIVE=true
set_op_aliases
set_prompt
else
unset OP_RUN_WRAPPER_ACTIVE
unset_op_aliases
unset_prompt
fi
zle reset-prompt
}
zle -N toggle_secrets_injection
bindkey '^O' toggle_secrets_injection
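Review bot: `export OP_RUN_WRAPPER_ACTIVE=true` in toggle_secrets_injection and `export PROMPT=...` in set_prompt/unset_prompt put per-shell state into the environment, while the aliases that do the actual wrapping are not inherited by child processes. A shell started from an active session would presumably see the flag already set with no aliases installed, so its first Ctrl+O takes the disable branch and the 🔑 marker no longer matches whether commands really run under `op run`. Because that marker is the only signal that secrets are being injected, keep both as plain shell variables: `OP_RUN_WRAPPER_ACTIVE=true` and `PROMPT="(${OP_RUN_WRAPPER_SYMBOL}) ${PROMPT}"`. Separately, unset_op_aliases runs `unalias "$cmd"` unconditionally, so an alias the user already had for a listed command is removed on toggle-off rather than restored.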


@ -33,6 +33,30 @@ service you want to get.
> - [Get started with 1Password CLI 2: Sign in](https://developer.1password.com/docs/cli/get-started#sign-in)
> - [Sign in to your 1Password account manually](https://developer.1password.com/docs/cli/sign-in-manually)
## Secrets Injection
This plugin wraps specific commands (e.g., terraform, env) with the op run command from 1Password, automatically injecting any relevant secrets already defined in your environment variables. This ensures seamless integration with 1Password to manage sensitive information without needing .env files.
### Key Features
- Automatic 1Password Integration: The plugin automatically loads secrets from your 1Password vaults into the environment for supported commands.
- Toggle Activation: Easily enable or disable the wrapper with a keybinding (Ctrl+O by default).
- Command-Specific Behavior: Each supported command (e.g., terraform, env) is wrapped with `op run`, and any secrets defined in your environment are automatically passed into the subprocess.
### Basic Setup
```zsh
# setup any commands you wish to wrap
➜ ~ export OP_RUN_WRAPPER_CMDS=(env)
# define a secret and it's path inside your 1Password vault
➜ ~ export AWS_ACCESS_KEY_ID="op://vault/secret/atrribute"
# enabled injection mode with Ctrl+O, call wrapped command `env` and see result
(🔑) ➜ ~ env | grep AWS_ACCESS_KEY_ID
AWS_ACCESS_KEY_ID=<concealed by 1Password>
```
For more information on the `op run` command, check out the official [1Password CLI documentation](https://developer.1password.com/docs/cli/secrets-environment-variables).
## Requirements
- [1Password CLI 2](https://developer.1password.com/docs/cli/get-started#install)