The 1Password MCP server for Codex creates a bridge that allows you to manage your 1Password Environments from Codex with secure authorization prompts. You can use the MCP server to:
  • Create environments.
  • List environment variable names.
  • Handle local .env files within authenticated workflows, while securely storing your credentials in 1Password.
  • Manage secrets within 1Password Environments.
The MCP server doesn’t read or return secrets to the AI agent. Instead, secrets remain in 1Password and are only accessed by authorized processes. As a result, the MCP server allows Codex to act on secrets without ever seeing them. Learn more about 1Password’s approach to MCP servers.
This feature is currently in beta and is only supported in 1Password for Mac and Linux at this time.

How it works

Codex connects to 1Password through its MCP server to create and manage an Environment for the project. Upon completion of the project, Codex requests that 1Password mount a local .env file through an in-memory FIFO file. At runtime, 1Password injects the required variables from your Environment directly into the application process. The values exist in memory only for the authorized process, and only for as long as the process needs them. Codex orchestrates, the application executes, and 1Password issues the credentials.
For example, if you ask Codex to create a 1Password Environment:
  1. Start a task in Codex: For example, ask Codex to create and manage an app.
  2. Codex connects to the 1Password MCP server: This happens over a local connection, where Codex can discover and invoke available actions from instructions the MCP provides.
  3. 1Password validates requests: The MCP server communicates with the 1Password desktop app, which handles identity, authorization, and secure access.
  4. You approve access: Every interaction requires you to explicitly approve a 1Password authorization prompt before Codex can proceed.
  5. Codex creates and manages an Environment in 1Password: Codex can create Environments, list and manage variable names, and prepare configuration without accessing raw secrets.
  6. 1Password injects secrets at runtime: Applications run using secrets from 1Password, without those secrets ever being exposed to the agent.
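
The FIFO-backed .env mount described above can be illustrated with an ordinary named pipe. This is an added example, not 1Password's code: serve_once is a hypothetical stand-in for the secret provider, the variable values are constructed, and load_env shows a check an application can make that its .env is a pipe rather than a regular file holding plaintext on disk.

```python
import os
import stat
import tempfile
import threading


def is_fifo(path):
    """True if path is a named pipe, so no secret bytes are stored in a file."""
    return stat.S_ISFIFO(os.stat(path).st_mode)


def serve_once(path, variables):
    """Hypothetical provider side: hand over one .env payload to one reader."""
    payload = "".join(f"{key}={value}\n" for key, value in variables.items())
    with open(path, "w") as pipe:  # blocks until a reader opens the FIFO
        pipe.write(payload)


def load_env(path):
    """Application side: refuse regular files, then parse KEY=VALUE lines."""
    if not is_fifo(path):
        raise ValueError(f"{path} is not a FIFO; secrets may be stored on disk")
    env = {}
    with open(path) as pipe:  # reads until the writer closes its end
        for line in pipe:
            line = line.strip()
            if line and not line.startswith("#") and "=" in line:
                key, value = line.split("=", 1)
                env[key] = value
    return env


def demo():
    """Create an owner-only FIFO named .env, serve it once, and read it back."""
    workdir = tempfile.mkdtemp()
    env_path = os.path.join(workdir, ".env")
    os.mkfifo(env_path, 0o600)
    # Constructed sample values, not real credentials.
    secrets = {"DATABASE_URL": "postgres://constructed.invalid/app",
               "API_KEY": "constructed-value"}
    writer = threading.Thread(target=serve_once, args=(env_path, secrets))
    writer.start()
    loaded = load_env(env_path)
    writer.join()
    size_on_disk = os.stat(env_path).st_size  # nothing remains once both ends close
    os.unlink(env_path)
    os.rmdir(workdir)
    return loaded, size_on_disk
```

Because the values only pass through the pipe while a reader is attached, copying or committing the .env path captures no secret content.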

Requirements

Before you can use the MCP server, you’ll need to:

Get started with the MCP server

1Password Enterprise Password Manager admins can turn the MCP server feature on and off. To do so, go to Policies > Agentic permissions and then turn the Local MCP server option on or off as needed.
Before you can use the MCP server, you’ll need to turn the feature on and configure Codex.

Step 1: Turn on access to the MCP server

To turn on the MCP server:
  1. In 1Password, go to Settings > Labs, then select MCP Server.
  2. Turn on the Enable local MCP server toggle.
  3. Navigate to Settings > Developer and select Integrate with MCP clients.
Next, you’ll need to configure 1Password as a local MCP server within Codex.

Step 2: Configure Codex

To configure 1Password as a local MCP server within Codex:
  1. In Codex, go to MCP servers and select + Add server. Make sure the toggle is turned on.
  2. Set the path in the “Command to launch” field.
    • For macOS, use: /Applications/1Password.app/Contents/MacOS/onepassword-mcp
    • For Linux, use: ./dist/onepassword-mcp
Next, update your AGENTS.md file to instruct Codex to explicitly use the MCP server without needing to ask. To do this, go to Personalization and fill in the Custom instructions field. For example, add the instruction: “Always use the 1Password MCP server if you need to work with the 1Password developer environments without me having to explicitly ask.”
