MCPcopy Index your code
hub / github.com/SamSaffron/op-cache

github.com/SamSaffron/op-cache @main

Chat with this repo
repository ↗ · DeepWiki ↗ · + Follow
81 symbols 163 edges 11 files 17 documented · 21%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

op-cache

A fast caching proxy for 1Password CLI op read commands.

Why?

op read is slow (~200-500ms) because it needs to communicate with the 1Password desktop app. If you're reading the same secret multiple times (e.g., in scripts), this adds up.

op-cache maintains a local daemon that caches secrets in memory, reducing repeated reads to ~1-2ms.

Installation

cargo install --path .

Or build manually:

cargo build --release
# Binary at target/release/op-cache

Usage

# Read a secret (auto-starts daemon if needed)
op-cache read op://vault/item/field

# Check daemon status
op-cache status

# View cache statistics
op-cache stats

# Clear the cache
op-cache clear

# Stop the daemon
op-cache stop

Running Commands with Secrets

op-cache run scans your environment for variables with op:// values, resolves them all concurrently through the cache, then replaces the current process with your command (via exec). If any resolution fails, the command is aborted.

# Run a command with secrets in env vars
export DATABASE_URL="op://Private/DB/url"
export API_KEY="op://Private/API/token"
op-cache run -- ./my-app

# Works with any command
op-cache run -- env | grep SECRET
op-cache run -- docker compose up

Example

$ op-cache read op://Private/API/token
sk-abc123...

$ op-cache stats
Cache Statistics:
  Entries: 1
  Hits:    0
  Misses:  1
  Hit Rate: 0.0%

$ op-cache read op://Private/API/token  # Cache hit - fast!
sk-abc123...

$ op-cache stats
Cache Statistics:
  Entries: 1
  Hits:    1
  Misses:  1
  Hit Rate: 50.0%

How It Works

┌─────────────┐                      ┌─────────────┐
│  op-cache   │◄── Unix Socket ────►│   Daemon    │
│  (client)   │   /tmp/op-cache.sock │  (cache)    │
└──────┬──────┘                      └─────────────┘
       │
       │ cache miss
       ▼
┌─────────────┐
│   op read   │
└─────────────┘
  1. Client checks daemon cache for the secret
  2. On cache hit: return immediately (~1-2ms)
  3. On cache miss: client runs op read, stores result in cache, returns value
  4. Daemon is auto-started on first use

The client (not the daemon) executes op read. This ensures proper access to your desktop session and 1Password app integration.

Configuration

Config file: ~/.config/op-cache/config.yaml

socket_path: /tmp/op-cache.sock
ttl_seconds: 86400      # Cache TTL (default: 24 hours)
max_entries: 1000       # Max cached secrets
op_path: op             # Path to op CLI
op_timeout_seconds: 30  # Timeout for op commands

All settings are optional - sensible defaults are used.

Performance

Operation Latency
Cache hit ~1-2ms
Cache miss ~200-500ms (op read time)
Cold start ~50ms (daemon spawn)

Security Notes

  • Secrets are cached in memory only (never written to disk)
  • Cache is per-user (Unix socket permissions)
  • TTL ensures secrets expire (default 24 hours)
  • op-cache clear immediately purges all cached secrets
  • Daemon stops cleanly on op-cache stop or system shutdown

License

MIT

Core symbols most depended-on inside this repo

insert
called by 7
src/daemon/cache.rs
collect_op_refs
called by 6
src/run.rs
send_request
called by 5
src/client.rs
build_env
called by 5
src/run.rs
pid_path
called by 4
src/config.rs
ensure_daemon_running
called by 3
src/spawn.rs
is_running
called by 3
src/daemon/mod.rs
load
called by 2
src/config.rs

Shape

Function 48
Method 23
Class 6
Enum 4

Languages

Rust100%

Modules by API surface

src/client.rs19 symbols
src/run.rs13 symbols
src/config.rs11 symbols
src/main.rs9 symbols
src/daemon/mod.rs6 symbols
src/daemon/cache.rs6 symbols
src/protocol.rs5 symbols
src/daemon/server.rs5 symbols
src/spawn.rs3 symbols
src/error.rs2 symbols
src/cli.rs2 symbols

For agents

$ claude mcp add op-cache \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact