From f35cbbffa68defdb787dc4ef66b2a504798e4370 Mon Sep 17 00:00:00 2001
From: Niklas Gehlen <niklas@namespacelabs.com>
Date: Thu, 16 Nov 2023 16:02:37 +0100
Subject: [PATCH] 1Password: cache repeated lookups

---
 internal/providers/onepassword/secrets.go | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/internal/providers/onepassword/secrets.go b/internal/providers/onepassword/secrets.go
index 13f311426..1ae09fddf 100644
--- a/internal/providers/onepassword/secrets.go
+++ b/internal/providers/onepassword/secrets.go
@@ -37,6 +37,7 @@ type provider struct {
 	mu               sync.Mutex
 	ensureAccountErr error
 	once             sync.Once
+	cache            map[string][]byte
 }
 
 func (p *provider) Read(ctx context.Context, ref string) ([]byte, error) {
@@ -44,6 +45,10 @@ func (p *provider) Read(ctx context.Context, ref string) ([]byte, error) {
 	p.mu.Lock()
 	defer p.mu.Unlock()
 
+	if data, ok := p.cache[ref]; ok {
+		return data, nil
+	}
+
 	// If no account is configured, `op read` does not fail but waits for user input.
 	// Hence, we ensure that a user account is indeed configured.
 	if err := p.ensureAccount(ctx); err != nil {
@@ -60,7 +65,9 @@ func (p *provider) Read(ctx context.Context, ref string) ([]byte, error) {
 		return nil, fnerrors.InvocationError("1Password", "failed to invoke %q: %w", c.String(), err)
 	}
 
-	return b.Bytes(), nil
+	data := b.Bytes()
+	p.cache[ref] = data
+	return data, nil
 }
 
 func (p *provider) ensureAccount(ctx context.Context) error {