I know the secret key is saved in the
~/.op/config file, after the first login, however I'm having trouble working out how the master password would be applied client side in the decryption process for subsequent commands since the op tool doesn't seem to keep an agent running. Is the vault decrypted server side? If so why isn't this more prominently mentioned, and if not how are you using the master password to derive the decryption key in subsequent runs?
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided