Skip to main content

Documentation Index

Fetch the complete documentation index at: https://www.1password.dev/llms.txt

Use this file to discover all available pages before exploring further.

The AWS CDK Toolkit shell plugin allows you to use 1Password to securely authenticate the AWS CDK Toolkit with your fingerprint, Apple Watch, or system authentication, rather than storing your credentials in plaintext. Follow the instructions to configure your default credentials and source the plugins.sh file, then you’ll be prompted to authenticate the AWS CDK Toolkit with biometrics. You can also set up the AWS CLI shell plugin.

Requirements

  1. Sign up for 1Password.
  2. Install and sign in to 1Password for Mac or Linux.
  3. Install 1Password CLI 2.17.0 or later.
  4. Integrate 1Password CLI with the 1Password app.
  5. Install the AWS CDK Toolkit .
  6. Make sure you have an AWS config file at ~/.aws/config on Mac or Linux, or C:\Users\USERNAME\.aws\config on Windows. If you don’t have a config file, use aws configure to create one. When prompted, skip entering your AWS access key pair to avoid writing your credentials on disk in the .aws/credetials file.
The following shells are supported:
  • Bash
  • Zsh
  • fish

Step 1: Configure your default credentials

Step 2: Source the plugins.sh file

To make the plugin available, source your plugins.sh file. For example:

source ~/.config/op/plugins.sh

The file path for your op folder may vary depending on your configuration directory. op plugin init will output a source command with the correct file path.

If this is your first time installing a shell plugin, you’ll also need to add the source command to your RC file or shell profile to persist the plugin beyond the current terminal session. For example:

Step 3: Use the CLI

Step 4: Remove imported credentials from disk

After saving your credentials in 1Password, you can remove all local copies you previously had stored on disk.

Next steps

1Password Shell Plugins support more than 60 third-party CLIs. To see a list of supported CLIs:

op plugin list

To choose another plugin to get started with:

op plugin init

To use shell plugins for seamless context switching, learn how to configure a plugin in multiple environments or with multiple accounts.

Get help

Reference

1Password authenticates with by injecting environment variables with the credentials required by the plugin commands directly from your 1Password account.

If you saved your credentials in 1Password manually rather than using op plugin to import a new item, make sure that your field names match the table below.

If the item doesn’t contain a field with the required name, you’ll be prompted to rename one of the existing fields.

1Password field namesEnvironment variables
Access Key IDAWS_ACCESS_KEY_ID
Secret Access KeyAWS_SECRET_ACCESS_KEY
Default region (optional)AWS_DEFAULT_REGION

Learn more