Separate plugin and executable

[osiegmar]

op CLI version

2.12.0

Goal or desired behavior

It would be great being able to use plugins with configurable executables.

I'm using Terraform in an AWS environment for example. I'd like to use the aws plugin to authenticate when using Terraform.

Maybe a new flag can be introduced:

alias aws="op plugin run -- aws"
alias terraform="op plugin run --exec /usr/bin/terraform -- aws"

That should also help on #120

Additional safety measures are required to protect malicious misuse. Somebody could enter to an open terminal session:

alias aws="op plugin run --exec /tmp/evil_aws_credential_sniffer -- aws"

Maybe a configurable whitelist for valid executables?

Merry Christmas! 🎅

Current behavior

Currently I'm using https://github.com/broamski/aws-mfa which unfortunately lacks 1Password support for obtaining the MFA token.

Relevant log output

No response

[SimonBarendse]

@scottlamb shared a similar use case in #180 (comment):

The biggest problem I see with this plugin is something else entirely: AFAICT it only runs aws commands, when really there are tons of other programs that use ~/.aws, including e.g. npx aws-cdk and whatever else is written with AWS SDKs. Those don't get the STS provisioner's environment variables, and so setting up ~/.aws to require that environment means they don't work (unless I supply a similar environment by hand / in some other way when invoking them). That's a deal-breaker. I need an easy way to invoke arbitrary commands in this same environment.