diff --git a/emacs/init.org b/emacs/init.org
index fe64e77..0a15607 100755
--- a/emacs/init.org
+++ b/emacs/init.org
@@ -2800,48 +2800,48 @@ The aws-mfa command:
 
   (defun 1pass-signin ()
     (interactive)
-    (let* ((signin-address "team-lolatravel.1password.com")
-	   (signin-email "jeremydormitzer@lola.com")
-	   (secret-key (password-store-get "1pass-lola-secret-key"))
-	   (master-password (password-store-get "team-lolatravel.1password.com"))
-	   (proc (start-process "op-signin" "*op-signin*"
-				"op" "signin" signin-address signin-email secret-key "--output=raw")))
-      (set-process-sentinel
-       proc
-       (make-process-sentinel
-	(lambda ()
-	  (setq op-token
-		(with-current-buffer "*op-signin*"
-		  (goto-char (- (point-max) 1))
-		  (buffer-substring-no-properties (line-beginning-position) (line-end-position))))
-	  (message (format "Signed in to 1Password with session token %s" op-token))
-	  (kill-buffer "*op-signin*"))
-	(lambda ()
-	  (message "1Password signin failed, check *op-signin* buffer for details"))))
-      (process-send-string proc (concat master-password "\n"))))
+    (cl-letf* ((signin-address "team-lolatravel.1password.com")
+	       (signin-email "jeremydormitzer@lola.com")
+	       (secret-key (password-store-get "1pass-lola-secret-key"))
+	       ((symbol-function 'op-signin)
+		(make-shell-fn "pass" "team-lolatravel.1password.com" "|" "op" "signin" signin-address signin-email secret-key "--output=raw"))
+	       (token (op-signin)))
+      (if (string-match-p "ERROR" token)
+	  (error "Unable to sign in to 1Password: %s" token)
+	(setf op-token token)
+	(message (format "Signed in to 1Password with session token %s" op-token))
+	op-token)))
+
+  (defun op-fn (&rest args)
+    (lambda (&optional input)
+      (cl-letf* (((symbol-function 'op-function)
+		  (apply #'make-shell-fn "op" `(,@args ,(format "--session=%s" op-token))))
+		 (output (op-function input)))
+	(if (or (string-match-p "Authentication required" output)
+		(string-match-p "You are not currently signed in" output))
+	    (cl-letf* ((new-token (1pass-signin))
+		       ((symbol-function 'op-function)
+			(apply #'make-shell-fn "op" `(,@args ,(format "--session=%s" new-token)))))
+	      (op-function input))
+	  output))))
 
   (defun op-list-items ()
-    (when (not op-token) (1pass-signin))
-    (mapcar#'cdr
-     (mapcar
-      (apply-partially #'assoc 'title)
-      (mapcar
-       (apply-partially #'assoc 'overview)
-       (json-read-from-string
-	(funcall
-	 (make-process-fn "op" "list" "items" (format "--session=%s" op-token))))))))
+    (cl-flet ((op-list-items-fn (op-fn "list" "items")))
+      (mapcar #'cdr
+	      (mapcar (apply-partially #'assoc 'title)
+		      (mapcar (apply-partially #'assoc 'overview)
+			      (json-read-from-string (op-list-items-fn)))))))
 
   (defun op-get-item (item)
-    (json-read-from-string
-     (funcall
-      (make-process-fn "op" "get" "item" (format "--session=%s" op-token) item))))
+    (cl-flet ((op-get-item (op-fn "get" "item" item)))
+      (json-read-from-string (op-get-item))))
 
   (defun op-get-item-password (item-json)
     (let* ((fields (assoc-recursive item-json 'details 'fields))
-	   (pw-field (car
-		      (seq-filter
-		       (lambda (field) (string= "password" (cdr (assoc 'designation field))))
-		       fields))))
+	   (pw-field (car (seq-filter
+			   (lambda (field)
+			     (string= "password" (cdr (assoc 'designation field))))
+			   fields))))
       (when pw-field (cdr (assoc 'value pw-field)))))
 
   (defun op-copy-password (item)
@@ -2853,7 +2853,7 @@ The aws-mfa command:
 	  (insert password)
 	  (copy-region-as-kill (point-min) (point-max))
 	  (message "Copied password for \"%s\" to kill ring." item))
-      (message "No password found in 1Password for \"%s\"." item)))
+      (error "No password found in 1Password for \"%s\"." item)))
 
   (leader-def-key "ao" #'op-copy-password)
 #+END_SRC