op-cli
1Password CLI (op) — Secure Handling
Core Rule: Never Print Secrets
NEVER use op commands that would print secret values into the conversation. Always pipe directly to the consuming tool or use wc -c / redaction to verify without exposing.
# WRONG — would print secret to stdout (do not run)
# op item get ITEM_ID --vault VAULT --fields label=PASSWORD --reveal
# RIGHT — pipe directly to consumer
op item get ITEM_ID --vault VAULT --fields label=PASSWORD --reveal | \
wrangler secret put SECRET_NAME --env ENV
# RIGHT — verify a value exists without exposing it
op item get ITEM_ID --vault VAULT --fields label=PASSWORD --reveal 2>/dev/null | wc -c
Item Titles with Slashes
More from 0xbigboss/claude-code
react-best-practices
Use when reading or writing React components (.tsx, .jsx files with React imports).
2.6Ktypescript-best-practices
Use when reading or writing TypeScript or JavaScript files (.ts, .tsx, .js, tsconfig.json).
2.1Kpython-best-practices
Use when reading or writing Python files (.py, pyproject.toml, requirements.txt).
1.3Kweb-fetch
Fetches web content as clean markdown by preferring markdown-native responses and falling back to selector-based HTML extraction. Use for documentation, articles, and reference pages at http/https URLs.
780zig-best-practices
Use when reading or writing Zig files (.zig, build.zig, build.zig.zon).
349nix-best-practices
Use when working with Nix flakes, overlays, shell.nix, or flake.nix files.
318