Skip to content

Add op item create fallback for new secrets#10

Merged
shiftcontrol-dan merged 4 commits intomainfrom
fix/remove-secret-char-count-from-logs
Mar 17, 2026
Merged

Add op item create fallback for new secrets#10
shiftcontrol-dan merged 4 commits intomainfrom
fix/remove-secret-char-count-from-logs

Conversation

@shiftcontrol-dan
Copy link
Contributor

@shiftcontrol-dan shiftcontrol-dan commented Mar 17, 2026

Summary

  • op_write now falls back to op item create when op item edit fails because the item doesn't exist
  • Supports new OAuth credentials that don't have a pre-existing 1Password item
  • Zeroizes assignment string containing secret value after CLI invocation
  • Extracts error detection marker to a named constant
  • Removes remaining secret char count from SET log
  • Bumps version to 0.2.0

Test plan

  • cargo check passes
  • cargo test passes (6 tests)
  • cargo fmt applied
  • Manual test: SET with non-existent item creates it in 1Password

@shiftcontrol-dan
Remove secret character counts from log output
bc0b0ac 
Logging the character count of resolved secrets leaks information about
secret size, which can aid attackers in identifying or narrowing down
credential types. Strip the char count from both the info-level resolve
log and the debug-level write log.

Signed-off-by: Dan Gericke <dan@shiftcontrol.io>
@shiftcontrol-dan
Add op item create fallback when item doesn't exist
1265f5e 
op_write now detects "item not found" errors from `op item edit` and
falls back to `op item create --category=password`. This supports new
OAuth credentials that don't have a pre-existing 1Password item.

Also zeroizes the assignment string containing the secret value after
CLI invocation, and extracts the error detection marker to a constant.

Signed-off-by: Dan Gericke <dan@shiftcontrol.io>
@shiftcontrol-dan
style: apply cargo fmt
f9f7706 
Signed-off-by: Dan Gericke <dan@shiftcontrol.io>
@shiftcontrol-dan
chore: bump version to 0.2.0
7af423c 
Signed-off-by: Dan Gericke <dan@shiftcontrol.io>
@amazon-inspector-singapore
Copy link

amazon-inspector-singapore bot commented Mar 17, 2026

⏳ I'm reviewing this pull request for security vulnerabilities and code quality issues. I'll provide an update when I'm done

@amazon-inspector-singapore
Copy link

amazon-inspector-singapore bot commented Mar 17, 2026

✅ I finished the code review, and didn't find any security or code quality issues.

@shiftcontrol-dan shiftcontrol-dan merged commit f194892 into main Mar 17, 2026
4 checks passed
@shiftcontrol-dan shiftcontrol-dan deleted the fix/remove-secret-char-count-from-logs branch March 17, 2026 12:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@shiftcontrol-dan