Recent versions of rails takes this approach. But I’ve wondered: is it possible to avoid copying the key onto disk, and leave it in 1Password, eg via their cli?
Yes, it is possible to inject secrets directly into a subprocess without writing them to disk via op run. Also see https://news.ycombinator.com/item?id=41482194 … we responded to the parent around the same time :D