1Password CLI (`op`) — Secure Handling

Core Rule: Never Print Secrets

NEVER use op commands that would print secret values into the conversation. Always pipe directly to the consuming tool or use wc -c / redaction to verify without exposing.

# WRONG — would print secret to stdout (do not run)
# op item get ITEM_ID --vault VAULT --fields label=PASSWORD --reveal

# RIGHT — pipe directly to consumer
op item get ITEM_ID --vault VAULT --fields label=PASSWORD --reveal | \
  wrangler secret put SECRET_NAME --env ENV

# RIGHT — verify a value exists without exposing it
op item get ITEM_ID --vault VAULT --fields label=PASSWORD --reveal 2>/dev/null | wc -c

op-cli

1Password CLI (`op`) — Secure Handling

Core Rule: Never Print Secrets

Item Titles with Slashes

op-cli

1Password CLI (op) — Secure Handling

Core Rule: Never Print Secrets

Item Titles with Slashes

1Password CLI (`op`) — Secure Handling