This is a really useful command. Previously, we’ve been using “op read” to get items from 1Password. Man is it slow, even though you are logged into 1Password on the client, it takes a about a second for each of say 25 API keys to get pulled. Why 25 do you say? Well, it’s the world of using lots of different LLMs from different providers.
The good news is that there is a new command op inject which batches everything together and with Here docs, it becomes very easy to do it 10x faster:
eval "$(cat <<-'EOF' | op inject
export ANTHROPIC_API_KEY="op://DevOps/Anthropic API Key Dev/api key"
export OPENAI_API_KEY='{{ op://DevOps/OpenAI API Key Dev/api key }}'
EOF
)"Now here is where the subtleties and fun begin:
- That cat statement looks pretty weird. The reason we are doing this is to prevent writing the actual really subtle. If it were not for the evaluation, it would be the traditional, “op inject <<-EOF” which would pipe the Heredoc into the op inject. But because we have a subshell, the pipe actually binds outside
- The second thing to note is that op inject is all or none. That is everything inside has to work. There has to be a key for everything or you will get an error and you will get non of your keys, so watch the error messages
- The next is more subtle, until 1Password r2.0.0 cli, spaces just plain didn’t work but now there are two valide syntax forms, you can have a double quoted “op://” string or you can enclose an UNQUOTED string in handlebars so it is `{{ op://foobar asdf/ asdf / }} however if you quote inside the handlebars then it won’t evaluate, basically it is using Go or Jinga templating, but this is undocumented
- There is a bug where if you have identically named items in “Archived” then it won’t either, so you have to make sure to go look for API keys in Archived. What a pain!
Leave a Reply
Only people in my network can comment.