Andrew, sorry for the major lag in responding.
It's not a workflow, but an actual app that gets invoked via Alfred. Under the hood, it's an app bundle that invokes a shell script:
Where KeychainEntry is the name of the entry in the Keychain, the shell scrip is located here:
[KeychainEntry].app/Contents/MacOS/[KeychainEntry]
#!/bin/bash
PW=`python -c "print '$0'.split('/')[-1],"`
~/bin/getpw "$PW" |pbcopy
If the Keychain is unlocked, then it will simply copy the entry password. If it hasn't been unlocked, you must first authenticate to unlock it.
It worked (and continues to work) flawless in Alfred 1.x, in the sense that focus always ends up coming back to the pre-invocation window, which is usually Terminal.app or iTerm.app.
If you think Keychain entries can be access in this fashion using a workflow, I'm more than happy to head down that rabbit hole. The important thing would be that it behave like 1Password integration in that individual entries would come up in search.
As I did for David, I'm happy to send a manifesto of how the framework functions. There's a master app (refreshallpw) that uses the shell command "security dump-keychain" to find all entries of interest and generate the individual .app bundles for each entry.
Thanks for any light you can shed on this, or any path forward!