A token validity test would make op more useful for scripting
I'd like to be able to embed "op" in shell scripts and shell aliases. One problem I ran into is that there isn't a simple way to determine whether a session token is valid. What I'd like to do is at the top of the script do something like:if [ `op test vault` != "valid" ]; then eval $(op signin vault); fi
and use that in any script that needs op commands. The other alternatives have serious downsides: If we use the eval, then every script asks for password, which is too much friction. This is even more important when you think a out the fact that a script with an op command can fail mid-script, and if it had side-effects then cleanup is a pain. On the other hand if there can be a test up-front, then you are asked at the time the script is invoked.
Another trick might be to use bash/zsh aliases like this:alias secureprog="if [ `op test vault` !== 'valid' ]; then eval $(op signin vault); fi; /path/to/secureprog"
That way if the current shell session needs to be refreshed, the shell is updated, and the program always gets a valid token
1Password Version: op cli 0.5.6
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:cli
Comments
-
Update: I saw a post from @mickael that used
op get accountto refresh the session. That would work for test purposes. The exit code seems to be 0 if session is valid, 1 if not signed in, and 145 if signed in but expired.
I'll use that in the interim. It would still be useful to have a test function that can determine whether the token is expired, without needing to hit your server. One simple implementation could be just appending an integer utc timestamp to the token0
