op CLI version
all
Goal or desired behavior
For platforms that support short-lived access tokens through their own CLI tools (e.g. gh/aws), the 1Password plugin accepting a potentially long-lived access token potentially degrades the security posture of these tools. For a user unaware of the difference, this is a potential risk.
Examples:
- AWS:
  `aws sso login --sso-session <account-name>` creates short-lived tokens
- GitHub:
  `gh auth login` creates a token for the shell and stores it in the system keychain
Current behavior
1Password requests the user to create a token (potentially non-expiring due to the steps involved in the manual process).
Relevant log output