1Password CLI
206 stars
official macOS Linux Actively maintained
The official 1Password CLI. Read secrets, inject credentials into processes, and manage vaults without exposing sensitive values in scripts or environment files.
Part of the 1Password CLI tools for AI agents
What your agent can do
Your `.env` file has real API keys in it. It's in `.gitignore`, but someone copies it to Slack, someone commits it by accident, someone's laptop gets stolen, and the keys are the same ones used in production. Your agent uses `op run --env-file=.env.tpl -- npm start` instead. The template file contains references like `op://Development/Stripe/secret-key`, not actual values. Secrets are resolved at runtime and never written to disk.

`op read` is the single-value primitive. `op read op://Production/Database/password` returns just the password: no JSON wrapping, no metadata, just the value. Pipe it anywhere: `export DB_PASS=$(op read op://Production/Database/password)`. Your agent reads secrets on demand without storing them in variables, files, or history.

`op run` is the command wrapper. It reads a `.env.tpl` file where values are 1Password references, resolves them, injects them as environment variables, then runs your command. The actual secrets exist only in the subprocess environment. They never appear in shell history, process lists, or log output. Your agent wraps any command with `op run` to make it secrets-aware without modifying the tool itself.

`op inject` generates real config files from templates. Your agent maintains `.env.tpl` in version control (safe, since it only contains references) and runs `op inject -i .env.tpl -o .env` to generate the actual `.env` file locally. Every developer and every CI pipeline gets the same secrets from the same source. No more "can you send me the Stripe key?"

Service accounts make 1Password fully headless. Set `OP_SERVICE_ACCOUNT_TOKEN` and every `op` command authenticates automatically. No interactive login, no biometric prompt, no browser. Your agent in CI/CD reads secrets, injects credentials, and manages vaults without human involvement. Rate-limited and audit-logged by default.
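The safety of the `.env.tpl` pattern above (and in the `op run` FAQ below) depends on the template holding only references, never literal credentials. The following lint is an added example written for this page, not 1Password's own code: it parses each value against the `op://vault/item[/section]/field` reference syntax and flags a literal value under a credential-looking key or a reference that is missing its field. The sample template is constructed, and the "secret-like key" pattern is a heuristic of this example.

```python
import re

# Secret-reference syntax as documented for 1Password CLI:
# op://<vault>/<item>/[<section>/]<field>, optionally followed by a ?attribute=... query.
OP_REF = re.compile(
    r"^op://(?P<vault>[^/?]+)/(?P<item>[^/?]+)/"
    r"(?:(?P<section>[^/?]+)/)?(?P<field>[^/?]+)(?:\?.*)?$"
)
# Heuristic (this example's own): key names that usually hold a credential.
SENSITIVE_KEY = re.compile(r"(KEY|SECRET|TOKEN|PASS(WORD)?|CREDENTIAL)", re.IGNORECASE)


def parse_reference(value):
    """Return the parts of an op:// reference as a dict, or None if value is not one."""
    m = OP_REF.match(value.strip().strip("\"'"))
    return m.groupdict() if m else None


def lint_env_template(text):
    """Scan .env.tpl content; return a list of (line_no, key, reason) findings."""
    findings = []
    for n, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" not in line:
            findings.append((n, None, "not a KEY=VALUE line"))
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        bare = value.strip("\"'")  # tolerate quoted values
        if bare.startswith("op://"):
            if parse_reference(bare) is None:
                findings.append((n, key, "malformed op:// reference"))
        elif SENSITIVE_KEY.search(key):
            # A plain value under a credential-looking key means a real secret
            # would be committed with the template.
            findings.append((n, key, "literal value under a secret-like key"))
    return findings


# Constructed sample template (not from the page); the literal value is a placeholder.
SAMPLE_TPL = """\
# Development environment template
STRIPE_SECRET_KEY=op://Development/Stripe/secret-key
DB_PASS="op://Production/Database/password"
DB_HOST=localhost
API_TOKEN=sk_live_placeholder_1234
SMTP_PASSWORD=op://Development/Mail
"""

if __name__ == "__main__":
    for line_no, key, reason in lint_env_template(SAMPLE_TPL):
        print(f"line {line_no}: {key}: {reason}")
```

Run it as a pre-commit hook and fail the commit when the returned list is non-empty; a non-secret setting such as `DB_HOST` is allowed to stay literal.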
Limitations
Proprietary software requiring a 1Password subscription (Teams, Business, or Enterprise). Free tier does not include CLI access for service accounts. The CLI binary itself is closed-source. No official MCP server. Secrets are fetched over the network, so operations require internet connectivity (unlike local env files).
Key Commands
- `op read`: Read a single secret value by reference path
- `op item get`: Retrieve a complete item with all fields as JSON
- `op run`: Execute a command with secrets injected as environment variables
- `op inject`: Replace secret references in a template file with actual values
- `op item list`: List all items in a vault with metadata
- `op item create`: Create a new secret item in a vault
- `op whoami`: Display the current authenticated account and session info
GitHub Stats
- repo: 1Password/connect
- stars: 206
- language: Go
- license: MIT
- last commit: Mar 20, 2026
FAQ
- Is 1Password CLI free?
- The CLI binary is free to download and install. However, it requires a 1Password account. Personal accounts can use the CLI with biometric auth. Service accounts (for CI/CD and headless agent use) require 1Password Teams or Business plans. Install with `brew install 1password-cli` on macOS.
- Can AI agents use 1Password CLI?
- Yes. Service accounts (`OP_SERVICE_ACCOUNT_TOKEN`) enable fully headless operation. Your agent reads secrets with `op read`, injects credentials with `op run`, and manages vaults with `op item` commands. All commands support `--format=json` for structured output. Every access is audit-logged. No interactive prompts required.
- How does op run work?
- `op run` reads a template file (like `.env.tpl`) where values are 1Password references (`op://Vault/Item/Field`). It resolves each reference, injects the real values as environment variables, and runs your command. The secrets exist only in the subprocess environment — never in shell history, process listings, or disk. Example: `op run --env-file=.env.tpl -- node server.js`.
- What is the difference between 1Password CLI and HashiCorp Vault?
- Different scale, different purpose. 1Password CLI is SaaS-based secrets management designed for teams and CI/CD pipelines. Vault is infrastructure-grade secrets management with dynamic credential generation, encryption as a service, and certificate management. 1Password is simpler to set up and use. Vault is more powerful for enterprise infrastructure. Your agent uses 1Password for application secrets and Vault for infrastructure-level credential management.
- Can you use 1Password CLI in CI/CD?
- Yes. Create a service account in your 1Password dashboard. Set `OP_SERVICE_ACCOUNT_TOKEN` as a CI secret. In your pipeline, `op read op://vault/item/field` fetches any secret. `op run --env-file=.env.tpl -- deploy-command` injects secrets into your deploy process. Works with GitHub Actions, GitLab CI, CircleCI, and any CI provider.
Related tools in Security
- Vault CLI (official, Security, 35.3k stars): `brew tap hashicorp/tap && brew install hashicorp/tap/vault`. The official HashiCorp Vault CLI. Read and write secrets, generate dynamic credentials, manage encryption keys, and control access policies with structured JSON output.
- Snyk CLI (official, Security, 5.5k stars): `brew install snyk`. The official Snyk CLI. Scan dependencies for vulnerabilities, audit container images, test infrastructure-as-code, and run static analysis with structured JSON and SARIF output.
Last verified: Mar 25, 2026