Initial 1password Feedback

[andrewthauer]

Just tried out fnox with 1password and seems to work nicely. Though I noticed a few things:

• I did not need to set OP_SERVICE_ACCOUNT_TOKEN or create a service account. In fact, I'm perfectly fine with this since setting up and managing service accounts when you have op CLI setup is unnecessary. I do see warnings about OP_SERVICE_ACCOUNT_TOKEN not being set though.

• The provider.vault key is required for type 1password even when using op:// secrets references. Though, I was also able to just set a dummy value and resolve secrets from different vaults within the same account as per the provider. Perhaps vault should be optional as well?

• It looks like fnox will resolve every item one by one by forking out to op read. Another approach is piping secrets references to op inject to resolve a batch of secrets references in one call vs one by one. Having core support for batching secret resolution across providers would be ideal to improve the performance and efficiency of resolving external secrets.

[andrewthauer]

To address the last point. I wonder if the Provider trait should support a get_many_secrets (or something) function? That way if a provider supports this it could be used instead of just get_secret for every secret for the same provider. Happy to move that to it's own discussion as well.