> ## Documentation Index
> Fetch the complete documentation index at: https://www.1password.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# 1Password CLI best practices

1Password CLI brings 1Password to your terminal. The following are best practices we recommend when using 1Password CLI.

### Use the latest version of 1Password CLI

Practice good software update hygiene and regularly update to the [latest version of the 1Password CLI](https://app-updates.agilebits.com/product_history/CLI2).

You can check for available updates with [`op update`](/cli/reference/commands/update).

### Apply the principle of least privilege to your infrastructure secrets

You can follow the [principle of least privilege <Icon icon="arrow-up-right-from-square" />](https://csrc.nist.gov/glossary/term/least_privilege) with [1Password Service Accounts](/service-accounts), which support restricting 1Password CLI access to only the items required for a given purpose.

Use dedicated vaults with service accounts that are properly scoped for secrets management use cases. Do not grant access to more vaults than needed.

Learn more about [managing group and vault permissions using the principle of least privilege](https://support.1password.com/business-security-practices/#access-management-and-the-principle-of-least-privilege).

### Use template files when creating items that contain sensitive values

When creating items with [`op item create`](/cli/reference/management-commands/item#item-create) we recommend using a [JSON template](/cli/item-create#with-an-item-json-template) to enter any sensitive values.
