fix: only check for op if 1Password holds secrets (#2093)

fixes #2090
TBD54566975 · Jul 17, 2024 · 894b473 · 894b473
1 parent 1e695b0
commit 894b473
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/common/configuration/1password_provider.go b/common/configuration/1password_provider.go
@@ -42,8 +42,13 @@ func (o OnePasswordProvider) SyncInterval() time.Duration {
 
 // Sync will fetch all secrets from the 1Password vault and store them in the values map.
 // Do not just sync the o.Vault, instead find all vaults found in entries and sync them.
-// If there are no entries, we should not attempt any access of 1Password.
 func (o OnePasswordProvider) Sync(ctx context.Context, entries []Entry, values *xsync.MapOf[Ref, SyncedValue]) error {
+	if len(entries) == 0 {
+		// Do not check for 1Password binary or call 1Password's CLI at all.
+		// Those checks can log unnecessary errors or prompt the user to unlock 1Password.
+		values.Clear()
+		return nil
+	}
 	logger := log.FromContext(ctx)
 	if err := checkOpBinary(); err != nil {
 		return err