Use fd's to hold the encrypted tarball password.
https://unix.stackexchange.com/questions/29111/safe-way-to-pass-password-for-1-programs-in-bash#answer-29186
Encrypt
exec 3<<<"$(op item get encrypted_tar_password --format json | jq -r '.fields[] | select(.id=="password") | .value')"
gpg --batch --cipher-algo AES256 --passphrase-fd 3 --symmetric --output <filename>.enc <filename>
Decrypt
exec 3<<<"$(op item get encrypted_tar_password --format json | jq -r '.fields[] | select(.id=="password") | .value')"
gpg --no-verbose --quiet --batch --cipher-algo AES256 --passphrase-fd 3 --output <filename> --decrypt <filename>.enc
Encrypt
for i in $(ls); do
exec 3<<<"$(op item get encrypted_tar_password --format json | jq -r '.fields[] | select(.id=="password") | .value')"
gpg --batch --cipher-algo AES256 --passphrase-fd 3 --symmetric --output ${i%%.*}.enc $i
done
Decrypt
for i in $(ls *.enc); do
exec 3<<<"$(op item get encrypted_tar_password --format json | jq -r '.fields[] | select(.id=="password") | .value')"
gpg --no-verbose --quiet --batch --cipher-algo AES256 --passphrase-fd 3 --output ${i%%.*} --decrypt $i
done