Platform or tool
linode-cli
Desired or expected behavior
The linode-cli currently appears to only support accessing one vault at a time (unless you write a separate .op/plugins/linode-cli.json into different directories). This makes it difficult to switch between accounts.
The json for the plugin contains:
{
"account_id": "<account-id>",
"entrypoint": [
"linode-cli"
],
"credentials": [
{
"plugin": "linode",
"credential_type": "personal_access_token",
"usage_id": "personal_access_token",
"vault_id": "<vault-id>",
"item_id": "<item-id>"
}
]
}
If this could be extended to support a list of items , then running op --account <whatever> plugin run linode-cli... should be able to pick out the right credentials from the global config.
In addition, a user might have multiple PATs in an account; the "credentials" field here is already a list, but I've not been able to have more than one PAT work in the plugin. Mapping the PATs to the linode-cli config would be ideal.
So for example, consider this linode-cli config file:
[DEFAULT]
default-user = priv
[priv]
# stuff here, for personal use in my.1password.com, vault1
[work1]
# stuff here, for work use in <company>.1password.com, vault1
[work2]
# stuff here, for work use in <company>.1password.com, vault2
[work3]
# stuff here, for work use in <company>.1password.com, vault2
Running op --account my.1password.com plugin run linode-cli ought to get the item for [priv]; running op --account <company>.1password.com --vault vault1 plugin run linode-cli ought to then get the item for [work1]. To differentiate between the items for [work2] and [work3], perhaps op --account <company>.1password.com --vault vault2 --item <item> plugin run linode-cli... ?
All the information for these mappings ought to be able to be placed into the single, global json file, so as not to require per-directory configs.
Current behavior
Current behavior is that if you import a second token, the plugin can no longer find the first.
Relevant log output
op CLI version
2.34.0
Platform or tool
linode-cli
Desired or expected behavior
The linode-cli currently appears to only support accessing one vault at a time (unless you write a separate
.op/plugins/linode-cli.jsoninto different directories). This makes it difficult to switch between accounts.The json for the plugin contains:
If this could be extended to support a list of items , then running
op --account <whatever> plugin run linode-cli...should be able to pick out the right credentials from the global config.In addition, a user might have multiple PATs in an account; the "credentials" field here is already a list, but I've not been able to have more than one PAT work in the plugin. Mapping the PATs to the linode-cli config would be ideal.
So for example, consider this linode-cli config file:
Running
op --account my.1password.com plugin run linode-cliought to get the item for[priv]; runningop --account <company>.1password.com --vault vault1 plugin run linode-cliought to then get the item for[work1]. To differentiate between the items for[work2]and[work3], perhapsop --account <company>.1password.com --vault vault2 --item <item> plugin run linode-cli...?All the information for these mappings ought to be able to be placed into the single, global json file, so as not to require per-directory configs.
Current behavior
Current behavior is that if you import a second token, the plugin can no longer find the first.
Relevant log output
op CLI version
2.34.0