My current employer uses 1password and it has a couple of nifty features like "vaults" shared with a group of people, an "op run" command to inject secrets using a .env file, service accounts to fetch passwords in CI, etc.
Sounded nice, but I'm not sure what this actually adds. I'm currently using 1Password for doing "environments", but it's all using the existing `op` CLI.
So adding a new collaborator to the project would involve adding them to the vault, then there is a shell script in the project that uses the CLI to write a new `.env` depending on the values from `op`.
Seems like this new environment stuff wouldn't add anything compared to such setup, at least today, is that fair? Seems to be even more manual and require copy-pasting, unless I misunderstand what the feature actually is.
Yeah, I think the idea is instead of writing a .env you would, perhaps eventually, have a command like op that just loads the environment whole cloth. But you probably won't get much value out of that today.
for a complete solution to dev envs and production secret management I use Envie https://github.com/ilmari-h/envie
it's like a drop in replacement for traditional env files
