Write and retrieve 32bit keys with onlykey-cli

We can use onlykey-cli to generate random keys on the device. I’m trying to use an Onlykey Duo to unlock a ZFS encrypted dataset and would like to avoid storing the key on my computer.

Ideally, this would be possible to do with a script, and do not require interaction from the user (beside plugging the FIDO/GPG device).
(I do a similar thing with a LUKS encrypted device and FIDO2, but this is not possible with ZFS, it only supports passphrase, raw, hex).

Maybe I’m not aware and this is already a thing.

You can use this to generate random keys on OnlyKey OnlyKey Command-Line Utility | Docs

But these keys can only be used with OnlyKey agent.

You could just store a long passphrase on OnlyKey, you can use both the username and password fields which are 58 characters each so a 116 character password.

I don’t seem to find a way to use onlykey-agent to pull a passphrase out of the key without a lot of user input.
Am I missing something ?

No that is by design, user physical presence is necessary. If you could use software to pull a passphrase out of OnlyKey than so could malware.