Documentation Index
Fetch the complete documentation index at: https://www.1password.dev/llms.txt
Use this file to discover all available pages before exploring further.
Manage service accounts.
Subcommands
service-account create
Create a service account to gain programmatic access to your secrets using 1Password CLI.
op service-account create <serviceAccountName> [flags]
Flags
--can-create-vaults Allow the service account to create new vaults.
--expires-in duration Set how long the service account is valid for in (s)econds,
(m)inutes, (h)ours, (d)ays, or (w)eeks.
--raw Only return the service account token.
--vault stringArray Give access to this vault with a set of permissions. Has
syntax <vault-name>:<permission>[,<permission>]
--vault flag. The syntax looks like this:
--vault <vault-name>:<permission>,<permission>
read_itemswrite_items (requires read_items)share_items (requires read_items)
If no permissions are specified, it will default to read_items.
You can set an expiry to a service account using the --expires-in flag.
1Password CLI only returns the service account token once.
Save the token in 1Password immediately to avoid losing it.
Treat this token like a password, and don’t store it in plaintext.
Examples
Create a new service account:
op service-account create my-service-account --vault Dev:read_items --vault Test:read_items,write_items
op service-account create my-service-account --expires-in=24h
op service-account create my-service-account --can-create-vaults
service-account ratelimit
Retrieve hourly and daily rate limit usage for a service account.
op service-account ratelimit [{ <serviceAccountName> | <serviceAccountID> }] [flags]
