1password

1password is a community skill for password manager CLI integration, covering installation, desktop app integration, vault access, secret retrieval, and secure credential management for development workflows and automation scripts.

What Is This?

Overview

1password provides command-line access to 1Password password manager vaults through the op CLI tool with desktop app integration for secure authentication. It covers installation guidance that walks through downloading, installing, and configuring the op CLI tool on various operating systems including macOS, Linux, and Windows, desktop app integration that enables biometric authentication and secure session management between CLI and desktop application, vault access that connects to 1Password accounts and lists available vaults with their contents, secret retrieval that fetches passwords, API keys, and secure notes programmatically for use in scripts and automation, and credential injection that populates environment variables and configuration files with secrets without exposing them in code. The skill enables secure credential management in development and deployment workflows without hardcoding sensitive data.

Who Should Use This

This skill serves developers managing secrets in local development, DevOps teams integrating credential management in deployment scripts, and AI agents requiring secure access to API keys and passwords.

Why Use It?

Problems It Solves

Hardcoding passwords and API keys in scripts creates security vulnerabilities and leaked credentials. Manually copying secrets from password managers into terminal sessions is tedious and error prone. Sharing credentials across team members requires insecure methods like messaging or email when proper secret management is absent. Rotating passwords and API keys demands updating multiple configuration files and scripts scattered across projects. Managing different credentials for development, staging, and production environments increases complexity and risk of using wrong secrets.

Core Highlights

CLI installer sets up op tool with desktop app integration and authentication configuration. Vault accessor connects to accounts and lists available credential storage locations. Secret retriever fetches passwords and keys programmatically for script usage. Credential injector populates environment variables without code exposure.

How to Use It?

Basic Usage

eval $(op signin)

op item list

op item get "GitHub" \
  --fields password

op item get "AWS" \
  --fields api_key

Real-World Examples

export DB_PASSWORD=$(
  op item get "Database" \
    --fields password
)

API_KEY=$(op item get "API" \
  --fields credential)
curl -H "Authorization: \
  Bearer $API_KEY" \
  https://api.example.com

op run --env-file=.env -- \
  python app.py

op signin --account my.1password.com
op item get "Login"

Advanced Tips

Use op run with environment file references to inject multiple secrets into command execution contexts without manual export statements. Enable desktop app integration for biometric authentication instead of typing master passwords repeatedly during development sessions. Organize credentials by environment using vault structure and tags for clear separation of development, staging, and production secrets. Reference secrets using the op:// URI scheme inside .env files to keep plaintext values out of version-controlled configuration entirely.

When to Use It?

Use Cases

Manage API keys and database passwords in development environments without hardcoding secrets in configuration files. Automate deployment scripts that require credentials by retrieving them from 1Password vaults programmatically at runtime. Share team credentials securely through 1Password vaults with role-based access control instead of insecure messaging channels.

Related Topics

Secret management, password managers, credential injection, environment variables, secure development, DevOps security, and API key management.

Important Notes

Requirements

1Password account with command-line access enabled for CLI tool usage. 1Password desktop application installed for biometric authentication integration and session management. Op CLI tool installed and properly configured with account connection and authentication setup.

Usage Recommendations

Do: enable desktop app integration for seamless biometric authentication during development sessions. Use op run for command execution with injected secrets rather than exporting to environment permanently. Organize credentials with descriptive names and tags for easy discovery and filtering in scripts.

Don't: log retrieved secrets to console or files since this defeats secure credential management purpose. Share CLI session tokens across users or systems since they provide full vault access. Store op CLI output containing secrets in shell history by using proper command structure and output handling, such as wrapping sensitive commands in subshells or using the HISTIGNORE variable to exclude them.

Limitations

Requires active desktop app session for CLI authentication in most configurations, limiting headless automation. Command-line access may require specific subscription tiers depending on account type. Retrieving secrets adds latency to script execution compared to environment variables loaded at startup, affecting performance-sensitive workflows.