Best (securest) way to pass data from (1Password) CLI?

What would be the best (securest) way to pass data (username, password, OTP) from the 1Password CLI to Keyboard Maestro?

The security optimum is the automation minimum.

If you really want the best security, then you also want the least automation.

Automation extends power, at the expense of control.
That's often (and in many areas) a good trade-off, but much less likely to be optimal in the case of security.

Don't factor out human errors; in particular in my case

Of course you're right, but suppose I still want to automate this, what would be a "good" way to do it?

For now I'm putting the stdout from KM script actions in local variables.

Probably not super secure, but it does work nice...

In case it helps, this is the way I've implemented a "type a password using the 1P CLI" macro.

Yes, that’s essentially what I’m doing as well.

Thanks for posting!

Oh, by the way: the new Universal Autofill they secretly added to version 8 (never available in the public beta/pre-release) replaces most of my CLI login scripts (/needs).

Thanks, Rob - I feel like I'm relearning my entire approach to 1Password with v8!

Agreed - the Universal Autofill is great and your post gave me the nudge to get it working for one of the use cases I was using for my macro I've made it clearer in my other post that UA may be a better general option.