@qui-cli/env-1password 1.2.8 → 1.2.9

package/CHANGELOG.md

@@ -2,6 +2,8 @@
 
 All notable changes to this project will be documented in this file. See [commit-and-tag-version](https://github.com/absolute-version/commit-and-tag-version) for commit guidelines.
 
+## [1.2.9](https://github.com/battis/qui-cli/compare/env-1password/1.2.8...env-1password/1.2.9) (2026-01-19)
+
 ## [1.2.8](https://github.com/battis/qui-cli/compare/env-1password/1.2.7...env-1password/1.2.8) (2026-01-18)
 
 

package/README.md

@@ -1,20 +1,24 @@
 # @qui-cli/env-1password
 
-@qui-cli Plugin: Standardized environment configuration
+@qui-cli Plugin: Standardized environment configuration with 1Password support
 
 [![npm version](https://badge.fury.io/js/@qui-cli%2Fenv-1password.svg)](https://npmjs.com/package/@qui-cli/env-1password)
 [![Module type: ESM](https://img.shields.io/badge/module%20type-esm-brightgreen)](https://nodejs.org/api/esm.html)
 
+## Note
+
+This plugin is identical to [@qui-cli/env](https://npmjs.com/package/@qui-cli/env), with the exception that it includes that package's optional peer dependency [@1password/sdk](https://www.npmjs.com/package/@1password/sdk).
+
 ## Install
 
 ```sh
-npm install @qui-cli/env-1password
+npm install @qui-cli/env
 ```
 
 ## Usage
 
 ```ts
-import { Env } from '@qui-cli/env-1password';
+import { Env } from '@qui-cli/env';
 
 // configure desired environment path
 Env.configure({ path: '../../.env' });
@@ -31,14 +35,19 @@ Any plugin that depends on this plugin can assume that the `.env` file environem
 
 ### 1Password integration
 
-This package integrates with [@1password/sdk](https://www.npmjs.com/package/@1password/sdk) to inject values from 1Password vaults into the environment for use by the script.
+For full integration, also install the [1Password CLI](https://developer.1password.com/docs/cli/) which will allow you to look up a [1Password service account](https://developer.1password.com/docs/service-accounts/security/) token by identifier.
 
-1. Follow [the 1Password CLI directions to create a service account](https://developer.1password.com/docs/service-accounts/get-started/).
-2. Install [@1password/sdk](https://www.npmjs.com/package/@1password/sdk) as a peer of `@qui-cli/env`.
-3. Update environment variables to be [secret references](https://developer.1password.com/docs/cli/secret-references)
-4. Run!
+The configuration options `opToken`, `opItem`, and `opAccount` may all be passed as command-line options. For example:
 
-See [dev-env-1password](https://github.com/battis/qui-cli/tree/main/examples/dev-env-1password#readme) for an example using the 1Password implementation of this package.
+```sh
+example --opToken "$(op item get ServiceAccountToken)"
+```
+
+If the [1Password CLI tool](https://developer.1password.com/docs/cli) is installed, then `opItem` and `opAccount` can be used:
+
+```sh
+example --opAccount example.1password.com --opitem "My Token Identifier"
+```
 
 ## Configuration
 
@@ -62,40 +71,34 @@ Whether or not to load the `.env` file into `process.env` immediately. Defaults
 
 Path to desired `.env` file relative to `root`. Defaults to `'.env'`;
 
-### `opToken`
+### 1Password configuration
 
-1Password service account token
+If 1Password secret references are stored in the environment, a 1Password service account token is required to access the secret values.
 
-### `opItem`
+#### `opToken`
 
-Name or ID of the 1Password API Credential item storing the 1Password service account token
+1Password service account token; will use environment variable `OP_TOKEN` if present
 
-### `opAccount`
+#### `opItem`
 
-1Password account to use (if signed into multiple)
+Name or ID of the 1Password API Credential item storing the 1Password service account token; will use environment variable `OP_ITEM` if present. Requires the [1Password CLI tool](https://developer.1password.com/docs/cli).
 
-## Options
-
-The configuration options `opToken`, `opItem`, and `opAccount` may all be passed as command-line options. For example:
+#### `opAccount`
 
-```sh
-example --opToken "$(op item get ServiceAccountToken)"
-```
+1Password account to use (if signed into multiple); will use environment variable `OP_ACCOUNT` if present
 
-If the [1Password CLI tool](https://developer.1password.com/docs/cli) is installed, then `opItem` and `opAccount` can be used:
+## Options
 
-```sh
-example --opItem ServiceAccountToken
-```
+When the optional peer dependency [@1password/sdk](https://www.npmjs.com/package/@1password/sdk) is installed, `Env` exposes `opAccount`, `opItem`, and `opToken` as command-line options.
 
 ## Initialization
 
-`Env` loads the specified `.env` file into `process.env`. If 1Password secret references are found in the environment, those references are loaded into the `process.env` from the 1Password vault (if a service account token is provided).
+`Env` loads the specified `.env` file into `process.env`.
 
 ## API
 
 ```ts
-import { Env } from '@qui-cli/env-1password';
+import { Env } from '@qui-cli/env';
 ```
 
 ### `Env.parse(file?)`

package/dist/index.d.ts

@@ -1,2 +1 @@
-import * as Env from './1Password.js';
-export { Env };
+export * from '@qui-cli/env';

package/dist/index.js

@@ -1,4 +1 @@
-import { register } from '@qui-cli/plugin';
-import * as Env from './1Password.js';
-export { Env };
-await register(Env);
+export * from '@qui-cli/env';

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@qui-cli/env-1password",
-  "version": "1.2.8",
-  "description": "@qui-cli Plugin: Standardized environment configuration",
+  "version": "1.2.9",
+  "description": "@qui-cli Plugin: Standardized environment configuration with 1Password support",
   "homepage": "https://github.com/battis/qui-cli/tree/main/packages/env-1password#readme",
   "repository": {
     "type": "git",
@@ -18,9 +18,7 @@
   "types": "./dist/index.d.ts",
   "dependencies": {
     "@1password/sdk": "^0.3.1",
-    "@battis/import-package-json": "^0.1.7",
-    "dotenv": "^17.2.3",
-    "@qui-cli/colors": "3.2.3"
+    "@battis/import-package-json": "^0.1.7"
   },
   "devDependencies": {
     "@tsconfig/node24": "^24.0.4",
@@ -29,17 +27,11 @@
     "del-cli": "^7.0.0",
     "npm-run-all": "^4.1.5",
     "typescript": "^5.9.3",
-    "@qui-cli/log": "4.0.3",
-    "@qui-cli/plugin": "4.1.0",
-    "@qui-cli/env": "5.0.4",
-    "@qui-cli/root": "3.1.0",
-    "@qui-cli/shell": "3.1.2"
+    "@qui-cli/shell": "3.1.2",
+    "@qui-cli/env": "5.1.0"
   },
   "peerDependencies": {
     "@qui-cli/env": ">=5",
-    "@qui-cli/log": ">=3",
-    "@qui-cli/plugin": ">=3",
-    "@qui-cli/root": ">=3",
     "@qui-cli/shell": ">=3"
   },
   "target": "node",

package/dist/1Password.d.ts

@@ -1,31 +0,0 @@
-import { Env } from '@qui-cli/env';
-import * as Plugin from '@qui-cli/plugin';
-export type Configuration = Plugin.Configuration & Env.Configuration & {
-    /**
-     * 1Password service account token; will use the environment variable
-     * OP_TOKEN if present
-     */
-    opToken?: string;
-    /**
-     * Name or ID of the 1Password API Credential item storing the 1Password
-     * service account token; will use environment variable OP_ITEM if present
-     */
-    opItem?: string;
-    /**
-     * 1Password account to use (if signed into multiple); will use environment
-     * variable OP_ACCOUNT if present
-     */
-    opAccount?: string;
-    /** @deprecated Use {@link opToken} */
-    serviceAccountToken?: string;
-};
-export declare const name = "env-1password";
-export declare function configure(proposal?: Configuration): Promise<void>;
-export declare function options(): Plugin.Options;
-export declare function init({ values }: Plugin.ExpectedArguments<typeof options>): Promise<void>;
-export declare function parse(file?: string): Promise<import("dotenv").DotenvParseOutput>;
-export declare function get({ key, file }: Env.GetOptions): Promise<string>;
-export declare function exists({ key, file }: Parameters<(typeof Env)['exists']>[0]): Promise<boolean>;
-/** Requires a service account with write privileges */
-export declare function set({ key, value, file, ...rest }: Env.SetOptions): Promise<void>;
-export declare const remove: typeof Env.remove;

package/dist/1Password.js

@@ -1,191 +0,0 @@
-import { createClient } from '@1password/sdk';
-import { importLocal } from '@battis/import-package-json';
-import { Colors } from '@qui-cli/colors';
-import { Env } from '@qui-cli/env';
-import { Log } from '@qui-cli/log';
-import { Shell } from '@qui-cli/shell';
-import path from 'node:path';
-export const name = 'env-1password';
-let client = undefined;
-const config = {};
-export async function configure(proposal = {}) {
-    for (const key in proposal) {
-        if (proposal[key] !== undefined) {
-            config[key] = proposal[key];
-        }
-    }
-    config.opToken = config.opToken || config.serviceAccountToken;
-    await Env.configure({ ...config, load: false });
-    if (config.opItem && !config.opToken) {
-        const silent = Shell.isSilent();
-        const showCommands = Shell.commandsShown();
-        const logging = Shell.isLogging();
-        Shell.configure({ silent: true, showCommands: false, logging: false });
-        const { stdout, stderr } = Shell.exec(`op item get ${config.opAccount ? `--account "${config.opAccount}" ` : ''}--reveal --fields credential "${config.opItem}"`);
-        if (stdout.length) {
-            config.opToken = stdout.trim();
-        }
-        else {
-            Log.fatal(stderr);
-            process.exit(1);
-        }
-        Shell.configure({ silent, showCommands, logging });
-    }
-    if (config.opToken) {
-        const pkg = await importLocal(path.join(import.meta.dirname, '../package.json'));
-        client = await createClient({
-            auth: config.opToken,
-            integrationName: pkg.name.replace(/^(\/|@)/, '').replace(/[/@]+/g, '-'),
-            integrationVersion: pkg.version
-        });
-        if (config.load) {
-            await parse();
-        }
-    }
-    else if (config.load) {
-        await Env.parse();
-    }
-}
-export function options() {
-    return {
-        man: [
-            {
-                level: 1,
-                text: '1Password environment integration'
-            },
-            {
-                text: 'Store 1Password secret references in your environment, rather than the actual secrets.'
-            },
-            {
-                text: `If 1Password secret references are stored in the environment, a 1Password service account token is required to access the secret values, which will be loaded into ${Colors.varName('process.env')}. The service account token can be passed directly as the ${Colors.optionArg('--opToken')} argument (e.g. ${Colors.command(`example --opToken "$(${Colors.keyword('op')} item get myToken)"`, Colors.keyword)}) or, if the 1Password CLI tool is also installed, by simply passing the name or ID of the API Credential in your 1Password vault that holds the service account token (e.g. ${Colors.command(`example --opItem myToken`, Colors.keyword)}). If you are signed into multiple 1Password account, use the ${Colors.optionArg('--opAccount')} argument to specify the account containing the token.`
-            },
-            { text: Colors.url('https://developer.1password.com/docs/cli') }
-        ],
-        opt: {
-            opAccount: {
-                description: `1Password account to use (if signed into multiple); will use environment variable ${Colors.varName('OP_ACCOUNT')} if present`,
-                hint: 'example.1password.com',
-                default: config.opAccount
-            },
-            opItem: {
-                description: `Name or ID of the 1Password API Credential item storing the 1Password service account token; will use environment variable ${Colors.varName('OP_ITEM')} if present`,
-                hint: '1Password unique identifier',
-                default: config.opItem
-            },
-            opToken: {
-                description: `1Password service account token; will use environment variable ${Colors.varName('OP_TOKEN')} if present`,
-                hint: 'token value',
-                secret: true,
-                default: config.opToken || config.serviceAccountToken
-            },
-            serviceAccountToken: {
-                description: `1Password service account token (deprecated, use ${Colors.optionArg('--opToken')})`,
-                hint: 'token value',
-                secret: true,
-                default: config.serviceAccountToken
-            }
-        }
-    };
-}
-export async function init({ values }) {
-    const { opAccount = process.env.OP_ACCOUNT, opItem = process.env.OP_ITEM, opToken = process.env.OP_TOKEN } = values;
-    await configure({ opAccount, opItem, opToken, ...values });
-    parse();
-}
-function isSecretReference(value) {
-    return (value &&
-        value !== null &&
-        typeof value === 'string' &&
-        /^op:\/\//.test(value));
-}
-function secretReferences(parsed) {
-    return Object.fromEntries(Object.entries(parsed).filter((entry) => isSecretReference(entry[1])));
-}
-// FIXME parse is not loading 1Password secrets into process.env
-// Issue URL: https://github.com/battis/qui-cli/issues/81
-export async function parse(file) {
-    const parsed = await Env.parse(file);
-    if (client) {
-        for (const key in secretReferences(parsed)) {
-            parsed[key] = await client.secrets.resolve(parsed[key]);
-            process.env[key] = parsed[key];
-        }
-    }
-    else if (Object.keys(secretReferences(parsed)).length) {
-        throw new Error('Attempt to parse .env file containing secret reference without a 1Password client');
-    }
-    return parsed;
-}
-export async function get({ key, file }) {
-    return (await parse(file))[key];
-}
-export async function exists({ key, file }) {
-    return Env.exists({ key, file });
-}
-function secretFrom(secretReference) {
-    // eslint-disable-next-line prefer-const
-    let [vault, item, section, field] = secretReference
-        .replace(/^op:\/\//, '')
-        .split('/');
-    if (field === undefined) {
-        field = section;
-        section = '';
-    }
-    return { vault, item, section, field };
-}
-async function itemFrom(secret) {
-    if (client) {
-        const vault = (await client.vaults.list())
-            .filter((vault) => vault.title == secret.vault)
-            .shift();
-        if (vault) {
-            const item = (await client.items.list(vault.id))
-                .filter((item) => item.title === secret.item || item.id === secret.item)
-                .shift();
-            if (item) {
-                return await client.items.get(vault.id, item.id);
-            }
-        }
-    }
-    return undefined;
-}
-/** Requires a service account with write privileges */
-export async function set({ key, value, file, ...rest }) {
-    const prev = await Env.get({ key, file });
-    if (prev && isSecretReference(prev)) {
-        if (client) {
-            const secret = secretFrom(prev);
-            const item = await itemFrom(secret);
-            if (item) {
-                const updated = {
-                    ...item,
-                    fields: item.fields.map((field) => {
-                        const section = item.sections.find((s) => s.id === field.sectionId);
-                        if (secret.field === field.title || secret.field === field.id) {
-                            if ((!secret.section &&
-                                (field.sectionId === '' || field.sectionId === 'add more')) ||
-                                secret.section === section?.title ||
-                                secret.section === section?.id) {
-                                return { ...field, value };
-                            }
-                        }
-                        return field;
-                    })
-                };
-                await client.items.put(updated);
-            }
-            else {
-                throw new Error('1Password item could not be found');
-            }
-        }
-        else {
-            throw new Error('Attempt to update .env file value that is currently a secret reference without a 1Password client');
-        }
-    }
-    else {
-        // FIXME handle creating a new secret reference
-        // Issue URL: https://github.com/battis/qui-cli/issues/63
-        return await Env.set({ key, value, file, ...rest });
-    }
-}
-export const remove = Env.remove;