Indeed. I also use public/private keys when possible, but if one needs to use passwords (or other secrets), using the 1Password CLI is safer than storing them in plaintext:
1 Like
There are lots of easy ways of encrypting a password in a shell script, e.g. https://github.com/plyint/encpass.sh
1 Like
1Password CLI looks like a cool product, but very recent. I worked in an enterprise environment with (most recently) a couple of very large IBM servers running IBM AIX (UNIX-like) operating system with around a hundred clients on each box. Clients accessed our backend application via a Java frontend running on Windows PCs. And we also had many clients who were large enough to buy and host their own server hardware. I’m guessing the 1Password type of solution would have been unavailable when we needed it (company has been in business since the 1970s), cost-prohibitive, and not particularly suited to our environment. 
But this sounds like a good modern solution for clients with Mac frontends in the mix.
1 Like
Just had a quick look at the provided GitHub link, and I would continue to use PKI and sftp, as the setup that I’m familiar with is much simpler. And we had years of scripts for many clients that were developed for those tools.
Edit: Next time I’ll read the entire threat before responding 