#secret #1password #env #cli

app onepassword-secret-util

Enhance 1password secret expansion with the opx CLI

6 releases

0.0.6 Sep 4, 2023
0.0.5 Jun 23, 2023
0.0.4 Mar 11, 2023

#203 in Authentication

Download history 7/week @ 2023-11-09 2/week @ 2023-11-16 7/week @ 2023-11-23 14/week @ 2023-11-30 6/week @ 2023-12-07 6/week @ 2023-12-14 12/week @ 2023-12-21 6/week @ 2024-01-04 6/week @ 2024-01-25 6/week @ 2024-02-01 8/week @ 2024-02-08 161/week @ 2024-02-15

181 downloads per month

MIT license

170 lines


This tool allows you to use the opx binary to start an application with all .env files passed to op run ....


cargo install onepassword-secret-util

# start your app with secrets injected

The command above would run this in the background:

op run --env-file=.env --env-file=apps/web/.env -- npm start


Working example of it doing the correct thing in a demo repo:

opx ✔ $ opx
[OPX] Forcing terminal colors with FORCE_COLOR=1
[ENV] .env
[ENV] apps/demo/.env
[ENV] apps/other-app/.env
[OPX] op run --env-file=/Users/hacksore/Code/opensource/demo-1pass-secrets/.env --env-file=/Users/hacksore/Code/opensource/demo-1pass-secrets/apps/demo/.env --env-file=/Users/hacksore/Code/opensource/demo-1pass-secrets/apps/other-app/.env -- npm start

> demo-1pass-secrets@0.0.0 start
> turbo run start

• Packages in scope: demo, eslint-config-custom, other-app, tsconfig
• Running start in 4 packages
• Remote caching disabled
demo:start: cache bypass, force executing 545833253ebd38cc
other-app:start: cache bypass, force executing 2ed51133d14970ce
other-app:start: > other-app@1.0.0 start
other-app:start: > node main.js
demo:start: > demo@1.0.0 start
demo:start: > node main.js
demo:start: Hello this is a sample app that uses a secret from 1password cli
other-app:start: Hello this is a sample app that uses a secret from 1password cli
demo:start: Secret is: <concealed by 1Password>
other-app:start: Secret is: <concealed by 1Password>

 Tasks:    2 successful, 2 total
Cached:    0 cached, 2 total
  Time:    216ms


How i link it

# dev
cargo watch -x "build --release"

# link it
export PATH="$HOME/code/opensource/onepassword-secret-util/target/release:$PATH"


  • How do you handle duplicate env vars?
  • How do you handle different environment dimensions (.env.local vs .env.production, etc)


~108K SLoC