Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

1Password CLI Shell Plugin #3068

Open
nikolay opened this issue Aug 26, 2024 · 8 comments
Open

1Password CLI Shell Plugin #3068

nikolay opened this issue Aug 26, 2024 · 8 comments
Labels
enhancement New feature or request security

Comments

@nikolay
Copy link

nikolay commented Aug 26, 2024

Feature Overview

https://developer.1password.com/docs/cli/shell-plugins/contribute/

Why is the feature needed?

Otherwise, the AQUA_GITHUB_TOKEN or GITHUB_TOKEN should always be set and exposed in the shell.

Workaround

No response

Example Code

No response

Note

No response
@nikolay nikolay added the enhancement New feature or request label Aug 26, 2024
@suzuki-shunsuke
Copy link
Member

Thank you for your proposal.
I'm not familiar with 1Password CLI Shell Plugin, but this issue means installing 1Password CLI Shell Plugin via aqua?
I'll look into how to install plugins.

aqua doesn't support some plugin mechanism, so I'm not sure if aqua can support 1Password CLI Shell Plugin.
https://aquaproj.github.io/docs/products/aqua-registry/contributing#aqua-cant-support-some-tools-plugin-mechanism

@suzuki-shunsuke
Copy link
Member

I read the document of 1Password CLI Shell Plugin, but I'm not sure what aqua should do.
We need more details.

@suzuki-shunsuke
Copy link
Member

Oh, I see!
This issue means the 1Password CLI Shell Plugin for aqua, which passes GitHub access token to aqua via 1Password.

@nikolay
Copy link
Author

nikolay commented Aug 28, 2024

Yeah, @suzuki-shunsuke, sorry for not being clear. I guess, you support AQUA_GITHUB_TOKEN - I would say it makes sense to pass that and not the generic GITHUB_TOKEN.

@suzuki-shunsuke
Copy link
Member

I'm concern about the overhead of the plugin.
I'm not sure about the detail of the plugin, but if the plugin is executed every time aqua is executed, maybe the overhead affects the user experience.
When you execute tools installed by aqua, aqua is executed.

On the other hand, the plugin would improve the security, and the performance should be measured rather than imagined.

@suzuki-shunsuke
Copy link
Member

I'm not sure about the detail of the plugin, but if the plugin is executed every time aqua is executed, maybe the overhead affects the user experience.

If aqua supports the lazy load of a GitHub access token, this issue would be solved.
lazy load means aqua loads a GitHub access token only when aqua really needs it.

@suzuki-shunsuke
Copy link
Member

I found an interesting library.
It would be nice if aqua can get GitHub Access token from not only 1Password but also other secret stores.
https://github.com/99designs/keyring

@nikolay
Copy link
Author

nikolay commented Oct 8, 2024

@suzuki-shunsuke Yes, that library is used by the famous https://github.com/99designs/aws-vault and https://github.com/common-fate/granted and although there are some more actively developed equivalents, the one you mention is the only one in Go supporting Windows.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nikolay @suzuki-shunsuke