Why should consumers have all the fun (and less friction) using biometrics to stay secure? 1Password offers a suite of tools to help developers work faster and more securely. One of these tools is 1Password Shell Plugins, which enables one-touch access to command-line interfaces (CLIs) in your terminal.
Know of a CLI we haven’t built a Shell Plugin for yet? Great news: you can build your own!
Many developers have done just that. In a recent episode of our Random but Memorable podcast, host Michael Fey (aka Roo) talked with Kanad Gupta, the creator of the ReadMe Shell Plugin. Read the interview below (or listen to the podcast episode) to learn about Kanad’s experience using 1Password Developer Tools, how he built the ReadMe Shell Plugin – and how you can create one, too.
Michael Fey: Can you explain what ReadMe is?
Kanad Gupta: ReadMe is a small startup. We’re essentially a CMS platform for API-first companies that are trying to build out an interactive developer hub so people can use their API successfully. Our users range from small mom-and-pop API companies to enterprises as large as Amazon and Lyft.
In my opinion, we have the best API reference for REST APIs in the game, where you can actually make API calls directly from the docs, tooling to help you understand API usage, and the like.
MF: Tell us what you’re like as a developer. What’s your area of expertise and what types of projects do you usually work on?
KG: I describe myself as a “fullish” stack JavaScript developer – with a slight preference towards server-side development. Saying “full stack” implies that I have a full understanding of the entire stack, but I’m constantly learning new things. These days, I’ve been working on our CLI tool a lot, which also functions as a CI/CD tool, and on the development and design of our API. Our CLI tool is a client for the ReadMe API.
MF: What language is your CLI written in?
KG: It’s all JavaScript. It’s a Node.js TypeScript CLI. We recently started doing some pretty cool stuff with Vercel pkg, which allows us to compile Node libraries into single executable files. We’ve been trying to come up with creative ways to keep the developer experience of TypeScript internally while also trying to get the performance and distribution benefits.
MF: You’ve been working with some 1Password Developer Tools recently. How long have you been doing that and what features have you used?
KG: I’ve been in the 1Password ecosystem as a non-developer user for eight years now. I would say my first foray into the 1Password developer tool ecosystem was pretty recent. I think I first caught wind of the Shell Plugin ecosystem when you announced it in December.
Since then, I’ve been playing around with the 1Password CLI. I have a bunch of little aliases for injecting one-time passwords and commands and whatnot, and just using it to optimize my general daily workflow. But my first real foray into it was developing the ReadMe Shell Plugin.
MF: What does the ReadMe Shell Plugin do with 1Password?
KG: The ReadMe CLI is essentially a CI/CD-type tool that users can integrate into GitHub, GitLab, or any sort of CI/CD process to sync documentation from wherever they want to store it, like their markdown files, into ReadMe.
As part of that, people are often juggling API keys – that’s just a day in the life of developers. So, we have ReadMe API keys for people to sync documentation to their ReadMe projects. Essentially, the ReadMe CLI, in tandem with the ReadMe Shell Plugin, allows you to take your ReadMe API keys when they’re stored with 1Password and invoke authenticated commands into ReadMe directly. Pretty cool stuff.
MF: Without having plaintext secrets out in the world.
KG: Exactly.
MF: What was your experience submitting merge requests to our Shell Plugins repo on GitHub, and contributing to 1Password’s open source project for Shell Plugins? Where did you find yourself reaching for Stack Overflow and where did you use your own street smarts to get this thing up and running?
KG: I was reaching in all kinds of places because I had never written a line of Go in my life up until that point. I’ve been pretty much exclusively embedded in the JavaScript ecosystem for the last five years! It was daunting at first, but a bunch of individuals were super helpful on the 1Password developer team answering my questions and giving detailed review feedback and whatnot.
“I felt very supported from end-to-end."
I had the VS Code Go extension, and that was honestly wonderful. There were certain semantics around the Go programming language, and it auto-formatted my code. It yelled at me when I wrote things improperly. Having training wheels in that sense was very helpful. And any time I had basic Go semantics questions, I was able to open up an issue in that repository and people addressed my questions very quickly and easily. I felt very supported from end-to-end – because I definitely needed it.
MF: Now that the ReadMe plugin is out in our Shell Plugins repo, anyone using ReadMe and 1Password can hook everything up that they need to completely self-serve?
KG: That’s right. It feels like a first-party integration with 1Password in many senses, just because we have our own dedicated docs page on the 1Password developer docs, and we’ve been able to refer to that when talking about it internally and externally. So yeah, it’s out there in the world. It’s been out for a couple months. It’s exciting.
MF: One of the major challenges of building security tools for developers is building them in a way that actually speeds up people’s workflows instead of slowing them down. How did we do with that?
KG: I’m always trying to over-index and over-optimize my workflows. Any time I can spend 30 minutes turning three clicks into two, it’s worth my time.
“It’s been a dream."
When you publish a package to the NPM registry, every time you run the publish command locally, you normally have to click to open 1Password, click to grab the one-time password token, click back and paste it in. Just being able to alias all that, do all these kinds of little things to optimize a lot of these different click journeys and whatnot, it’s been a dream.
I get the sense that there are people like me behind these 1Password developer tool decisions because it’s all done so wonderfully.
MF: Are you working on anything else right now? What’s next for ReadMe?
KG: We have some exciting things in the works with respect to creating an all-encompassing dashboard for developers to access their API keys and make successful requests. A lot of different ways for when end users interact with an API, they can just go to their docs and make those calls, and get all the tools they need to be successful with the API.
So, continued investment on that front. Enterprise authentication is also a big priority for us and we’ve been looking into passkey support. But nothing to announce on that front yet.
MF: We’re very much embracing a passkey future at 1Password. I’m pretty excited about all of that.
KG: 1Passkey, is that the plan?
MF: You heard it here first! It’s going to be 1Passkey. Kanad, where can people go to find out more about you and what ReadMe is working on?
KG: ReadMe is on most social media platforms. We’re on Twitter and LinkedIn. We have a blog you can follow. We’re going to be writing about our 1Password Shell Plugin there pretty soon. Also, you can check us out at readme.com.
Editor’s note: This interview has been lightly edited for clarity and brevity.
Secure your workflows with 1Password Developer Tools
1Password Developer Tools streamline how you manage SSH keys, API tokens, and other infrastructure secrets throughout the entire software development life cycle.
Explore the tools1Password
Tweet about this post