Request: Add 1password shell plugin

[koenbeckers]

1password has recently added shell plugins, where it can push details to environment variables directly to the CLI.
For example with AWS CDK: https://developer.1password.com/docs/cli/shell-plugins/aws-cdk-toolkit/

I'd love to be able to use this with saml2aws, as it could autofill email, password and 2fa.

[podpah]

This or the ability to use browser extensions would be great to allow 1Password use

[janpuc]

Agree, for now I'm using something like this under the hood in my .aws/config file to connect to multiple accounts:

SAML2AWS_USERNAME="op://<Vault>/<Okta>/username"
SAML2AWS_PASSWORD="op://<Vault>/<Okta>/password"
SAML2AWS_MFA_TOKEN="op://<Vault>/<Okta>/one-time password?attribute=otp"
SAML2AWS_URL="op://<Vault>/<AWS SAML Acc>/url"
op run -- saml2aws login --role <ROLE ARN> --credential-process

With that I'm able to have one default .saml2aws configuration and I just alias cmds with correct URLs injected from 1Pass

[podpah]

I've tried that (couldn't get it working in config file but set it as an env var) and my username gets filled by 1Password, but it doesn't seem like the password gets filled nor does it ask me for 2FA, just takes me to Playwright to authenticate on browser (without even filling the email there)

[jmason]

Working nicely here! This is what I'm using:

  SAML2AWS_MFA_TOKEN="op://Personal/{name of item}/one-time password?attribute=otp" \
  SAML2AWS_USERNAME="op://Personal/{name of item}/username" \
  SAML2AWS_PASSWORD="op://Personal/{name of item}/password" \
  SAML2AWS_IDP_ACCOUNT="{idp account name}" \
  SAML2AWS_PROFILE="{aws profile name}" \
  op run -- saml2aws login --skip-prompt

[hejfelix]

doesn't work for AzureAD provider 😢

[Kyle-Esper]

The above works most of the time, but fails sometimes with
Error authenticating to IdP.: error loading challenge page: unable to extract skip form: could not find form with query "form[action$=\"skip\"]"