The flip side would be, you install your dependencies, and one tries to run `op …` and you get a 1Password popup on your screen, which should surprise you because you didn’t run `op` yet. Supply chain attack mitigated (maybe).
With a service account there is no prompt and your secrets, though now more limited in scope, are exfiltrated successfully and silently.
Service accounts are definitely not the silver bullet. 1Password should just add more fine-grained permissions and prompting options to get closer to an ideal solution.