Webflow Premium Partner Ehab Fayez
Security & Quality

1Password CLI Secrets

Access and manage secrets from 1Password vaults programmatically using the op CLI and SDKs.

Claude Code, Cursor

Overview

1Password CLI (op) and the Connect SDK allow developers to securely access secrets stored in 1Password vaults from applications and CI/CD pipelines. Instead of storing secrets in environment variables or config files, applications retrieve them directly from 1Password at runtime, ensuring secrets are always up-to-date and centrally managed.

The 1Password Connect Server provides a REST API that runs in your infrastructure, giving applications secure access to vault items without an interactive user sign-in; applications authenticate with an access token instead. The JavaScript/TypeScript SDK wraps this API with a type-safe client. Secret references using the `op://` URI scheme let you point to secrets from configuration files and environment variables without exposing the actual values.

For CI/CD integration, the op CLI can inject secrets into build environments using `op run`, which replaces secret references in environment variables with actual values for the duration of a command. This removes the need to store each application secret in the CI/CD platform's secret store; the pipeline holds only the credential it uses to authenticate to 1Password. 1Password also provides GitHub Actions for integration with GitHub workflows.
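Replacing `.env` values with `op://` references only helps if no literal secret slips back into the file. The check below is an added example, not code from this page or from 1Password: it audits env-file text and reports malformed references and sensitive-looking variables that hold a literal value. It assumes the reference shape `op://<vault>/<item>/[<section>/]<field>` with an optional query string; the function names, the name pattern and the sample input are hypothetical.

```javascript
// Added example: fail a commit or CI job when an env file holds literal secrets.
// Assumed reference shape: op://<vault>/<item>/[<section>/]<field>

// Constructed sample input; every name and value here is made up.
const SAMPLE_ENV = [
  "# constructed sample",
  "DB_PASSWORD=op://prod/database/password",
  'export STRIPE_KEY="op://prod/stripe/api/secret-key"',
  "API_TOKEN=constructed-not-a-real-token",
  "BROKEN_REF=op://prod/database",
  "LOG_LEVEL=debug",
].join("\n");

// Variable names that should never be assigned a literal value.
const SENSITIVE_NAME = /PASSWORD|PASSWD|SECRET|TOKEN|KEY|CREDENTIAL/i;

// Returns null for non-references, { valid: false } for malformed ones.
function parseSecretReference(value) {
  if (!value.startsWith("op://")) return null;
  const path = value.slice("op://".length).split("?")[0]; // ignore query attributes
  const parts = path.split("/");
  const countOk = parts.length === 3 || parts.length === 4;
  if (!countOk || parts.some((p) => p.trim() === "")) return { valid: false };
  const section = parts.length === 4 ? parts[2] : null;
  return { valid: true, vault: parts[0], item: parts[1], section, field: parts[parts.length - 1] };
}

// Returns one finding per line that is a malformed reference or a literal secret.
function auditEnvFile(text) {
  const findings = [];
  text.split(/\r?\n/).forEach((raw, index) => {
    const line = raw.trim();
    if (line === "" || line.startsWith("#")) return;
    const match = /^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)=(.*)$/.exec(line);
    if (!match) return;
    const name = match[1];
    const value = match[2].trim().replace(/^(["'])(.*)\1$/, "$2"); // strip quotes
    const ref = parseSecretReference(value);
    if (ref && !ref.valid) {
      findings.push({ line: index + 1, name, issue: "malformed-reference" });
    } else if (!ref && value !== "" && SENSITIVE_NAME.test(name)) {
      findings.push({ line: index + 1, name, issue: "plaintext-secret" });
    }
  });
  return findings;
}

console.log(auditEnvFile(SAMPLE_ENV));
```

Findings carry only the line number and variable name, never the value, so the output is safe to keep in CI logs.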

Who Is This For?

  • Inject secrets into CI/CD pipelines without storing them in the platform
  • Access API keys and credentials from 1Password in Node.js apps
  • Replace .env files with 1Password secret references
  • Rotate secrets centrally without redeploying applications

Installation

Setup for Claude Code
```sh
npm install @1password/connect
```

Configuration

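```ts
import { OnePasswordConnect } from "@1password/connect"

// Fail fast when the Connect token is missing instead of asserting with `!`
const token = process.env.OP_CONNECT_TOKEN
if (!token) throw new Error("OP_CONNECT_TOKEN is not set")

// Client for the Connect server running in your own infrastructure
const op = OnePasswordConnect({
  serverURL: "http://localhost:8080",
  token,
  keepAlive: true,
})

// Fetch one item by vault and item ID, then read the field labelled "password"
const item = await op.getItem("vault-id", "item-id")
const password = item.fields?.find(f => f.label === "password")?.value
```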