> ## Documentation Index
> Fetch the complete documentation index at: https://www.1password.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Use 1Password CLI with a Connect server

You can use 1Password CLI with a [Connect server](/connect/) to provision secrets and retrieve items on the command line.

## Requirements

Before you can use 1Password CLI with a Connect server, you must:

* [Sign up for 1Password](https://1password.com/pricing/password-manager).
* [Deploy 1Password Connect](/connect/get-started/#step-2-deploy-1password-connect-server).
* Make a Connect server accessible to your production environment.
* [Install 1Password CLI in your production environment.](/cli/install-server/)
* Set the `OP_CONNECT_HOST` and `OP_CONNECT_TOKEN` environment variables to a Connect server's credentials in your production environment.

## Get started

After you complete the requirement steps, you can use the following 1Password CLI commands with a Connect server:

* [`op run`](/cli/reference/commands/run/)
* [`op inject`](/cli/reference/commands/inject/)
* [`op read`](/cli/reference/commands/read/)
* [`op item get --format json`](/cli/reference/management-commands/item/#item-get)

Vist the command documentation for more information.

## Continuous integration (CI) environments

You can also use 1Password CLI with a Connect server in a continuous integration (CI) pipeline. 1Password CLI allows you to use [secret references](/cli/secret-references/) in place of plaintext secrets in code. You can configure a CI environment to pass different sets of secrets for different environments.

Secret references work well within infrastructure as code tools and CI configurations because you can define them alongside other configurations.

### GitLab CI example

The following code block shows an example GitLab CI configuration file that implements a MySQL service. See [GitLabs `.gitlab-ci.yml` documentation <Icon icon="arrow-up-right-from-square" />](https://docs.gitlab.com/ee/ci/yaml/).

```yaml .gitlab-ci.yml theme={null}
services:
- mysql

variables:
  # Configure mysql service (https://hub.docker.com/_/mysql/)
  MYSQL_DATABASE: op://prod/mysql/database
  MYSQL_USERNAME: op://prod/mysql/username
  MYSQL_PASSWORD: op://prod/mysql/password

connect:
  image: mysql
  script:
  - echo "SELECT 'OK';" | op run -- mysql --user="$MYSQL_USERNAME" --password="$MYSQL_PASSWORD" --host=mysql "$MYSQL_DATABASE"
```

To authenticate 1Password CLI in the CI pipeline, add the `OP_CONNECT_HOST` and `OP_CONNECT_TOKEN` environment variables to a CI configuration file. The presence of these environment variables tells 1Password CLI to use the Connect server to fetch secrets.

The following code block expands the GitLab CI example to include the Connect environment variables.

```yaml .gitlab-ci.yml theme={null}
services:
- mysql

variables:
  # Configure mysql service (https://hub.docker.com/_/mysql/)
  MYSQL_DATABASE: op://prod/mysql/database
  MYSQL_USERNAME: op://prod/mysql/username
  MYSQL_PASSWORD: op://prod/mysql/password
  # Configure 1Password CLI to use Connect
  OP_CONNECT_HOST: <Connect host URL>:8080
  OP_CONNECT_TOKEN: token

connect:
  image: mysql
  script:
  - echo "SELECT 'OK';" | mysql --user="$MYSQL_USERNAME" --password="$MYSQL_PASSWORD" --host=mysql "$MYSQL_DATABASE"
```

## Learn more

* [Load secrets into the environment](/cli/secrets-environment-variables/)
* [Load secrets into config files](/cli/secrets-config-files/)
* [Workflow: Secure your deployments](/get-started/secure-deployment)
* [Workflow: Build integrations with 1Password](/get-started/build-integrations)
