@@ -1,21 +1,32 @@
function opx --description "Run command with 1Password secret refs resolved"
- set -l env_overrides-
+ set -l vars_to_resolve
+ set -l refs
+
for var in (set --names -x)
set -l value $$var
if string match -q 'op://*' -- $value
- set -l resolved (op read "$value" 2>/dev/null)- if test $status -ne 0- echo "opx: failed to resolve $var ($value)" >&2- return 1- end- set -a env_overrides "$var=$resolved"
+ set -a vars_to_resolve $var
+ set -a refs $value
end
end
- - if test (count $env_overrides) -eq 0
+
+ if test (count $vars_to_resolve) -eq 0
$argv
- else- env $env_overrides $argv
+ return
end
+
+ # Build template: VAR=op://ref (one per line)
+ set -l template_lines
+ for i in (seq (count $vars_to_resolve))
+ set -a template_lines "$vars_to_resolve[$i]=$refs[$i]"
+ end
+
+ # Single op call resolves everything
+ set -l resolved_lines (printf '%s\n' $template_lines | op inject 2>/dev/null)
+ if test $status -ne 0
+ echo "opx: failed to resolve secrets" >&2
+ return 1
+ end
+
+ env $resolved_lines $argv
end