1Password has a great command line interface (CLI) framework. As my secrets manager of choice, I like to keep API keys in 1Password.
Meanwhile, I also use direnv to automagically establish environment variables in project directories. AI toolkits typically pick up their API keys via environment variables. OPENAI_API_KEY is the canonical example. Direnv picks up the variables to set up via a .envrc file.
Being super lazy, I’d rather not cut and paste from 1Password to append the right information to .envrc. I thought of writing a script from scratch, but then started poking around on the web. Then there’s this interesting comment on GitHub in a repository about connecting direnv and 1Password:
I just found out that you can just do this in .envrc, so I’m actually not sure what’s the main benefit of the plugin if that already works. Maybe I’m missing a use case though.
export MY_SECRET=${MY_SECRET_2:-$(op item get 'db/some-database' --fields password --format json | jq -r .value)}
I asked Claude to turn that one-liner into a script and wound up with this:
#!/bin/bash
# Usage: ./set-env.sh ENV_VAR_NAME OP_ITEM_SPEC [FIELD]
ENV_VAR="$1"
OP_ITEM="$2"
FIELD="${3:-token}"
if [ -z "$ENV_VAR" ] || [ -z "$OP_ITEM" ]; then
echo "Usage: $0 ENV_VAR_NAME OP_ITEM_SPEC [FIELD]"
exit 1
fi
EXPORT_LINE="export ${ENV_VAR}=\${${ENV_VAR}:-\$(op item get '${OP_ITEM}' --fields ${FIELD} --format json | jq -r .value)}"
# Check if the variable already exists and update/insert
if grep -q "^export ${ENV_VAR}=" .envrc; then
# Update existing line
sed -i.bak "/^export ${ENV_VAR}=/c\\
${EXPORT_LINE}" .envrc
echo "Updated ${ENV_VAR} in .envrc"
else
# Append new line
echo "${EXPORT_LINE}" >> .envrc
echo "Added ${ENV_VAR} to .envrc"
fi
Next up, hand this off to Claude Code Web to turn it into a Python CLI tool. I’d like to have more introspection and interactive selection of keys.
Generating a Bash script, test driving, then handing off to Claude Code for conversion to Python seems to be a development process that works for me.