The 1Password MCP server creates a bridge that allows supported MCP clients such as Codex and Kiro to manage your 1Password Environments with secure authorization prompts. You can use the MCP server to:
  • Create environments.
  • List environment variable names.
  • Handle local .env files within authenticated workflows, while securely storing your credentials in 1Password.
  • Manage secrets within 1Password Environments.
The MCP server doesn’t read or return secrets to the AI tool. Instead, secrets remain in 1Password and are only accessed by authorized processes. As a result, the MCP server allows your AI tool to act on secrets without ever seeing them. Learn more about 1Password’s approach to MCP servers.
This feature is in beta. The Codex plugin currently supports Mac and Linux. The Kiro plugin currently only supports Mac.

How it works

Your AI tool connects to 1Password through its MCP server to create and manage an Environment for the project. Upon completion of the project, the AI tool requests that 1Password mount a local .env file through an in-memory FIFO file. At runtime, 1Password injects the required variables from your Environment directly into the application process. The values exist in memory only for the authorized process, and only for as long as the process needs them. The AI tool orchestrates, the application executes, and 1Password issues the credentials. For example, if you ask your AI tool to create a 1Password Environment:
  1. Start a task in your AI tool: For example, ask Codex or Kiro to create and manage an app.
  2. Your AI tool connects to the 1Password MCP server: This happens over a local connection, where the client can discover and invoke available actions from instructions the MCP server provides.
  3. 1Password validates requests: The MCP server communicates with the 1Password desktop app, which handles identity, authorization, and secure access.
  4. You approve access: Every interaction requires your explicit approval in a 1Password authorization prompt before the client can proceed.
  5. The MCP client creates and manages an Environment in 1Password: The client can create Environments, list and manage variable names, and prepare configuration without accessing raw secrets.
  6. 1Password injects secrets at runtime: Applications run using secrets from 1Password, without those secrets ever being exposed to the agent.
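The in-memory FIFO mount described above can be checked from the application side before any value is loaded. This is an added example, not 1Password's code: it assumes a POSIX system, the names `serve_once`, `load_env_from_fifo` and `demo` and the sample values are hypothetical, and a writer thread stands in for 1Password serving the mount.

```python
import os
import stat
import tempfile
import threading

# Constructed sample content; a real mount would be served by the secret provider.
SAMPLE_ENV = 'API_URL=https://example.invalid\n# comment\nAPI_TOKEN="constructed-value"\n'

def serve_once(path, payload):
    """Stand-in for the provider: write payload to one reader of the FIFO."""
    with open(path, "w") as fifo:  # blocks until a reader opens the pipe
        fifo.write(payload)

def load_env_from_fifo(path):
    """Parse KEY=VALUE lines, refusing anything that is not an owner-only FIFO."""
    env = {}
    with open(path) as fifo:
        st = os.fstat(fifo.fileno())  # check the opened object, not the path (no TOCTOU)
        if not stat.S_ISFIFO(st.st_mode):
            raise ValueError(f"{path} is not a FIFO; secrets may be stored on disk")
        if st.st_mode & 0o077:
            raise PermissionError(f"{path} is accessible to group or other users")
        for line in fifo:
            line = line.strip()
            if not line or line.startswith("#") or "=" not in line:
                continue
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip().strip('"')
    return env

def demo():
    """Serve the sample through a FIFO once; also confirm a regular file is rejected."""
    with tempfile.TemporaryDirectory() as tmp:
        fifo_path = os.path.join(tmp, ".env")
        os.mkfifo(fifo_path, 0o600)
        os.chmod(fifo_path, 0o600)  # make the mode independent of the umask
        writer = threading.Thread(target=serve_once, args=(fifo_path, SAMPLE_ENV))
        writer.start()
        env = load_env_from_fifo(fifo_path)
        writer.join()
        plain = os.path.join(tmp, "plain.env")
        with open(plain, "w") as f:  # plaintext secrets on disk: the case to refuse
            f.write(SAMPLE_ENV)
        try:
            load_env_from_fifo(plain)
            rejected = False
        except ValueError:
            rejected = True
        return env, rejected
```

The values pass through the pipe to the one reader and are never written to a regular file, so a `.env` path that fails the FIFO check is a sign that secrets have been stored on disk.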
This walkthrough shows how to use the MCP server for Codex:

Requirements

Before you can use the MCP server, you’ll need to:

Get started with the MCP server

1Password Enterprise Password Manager admins can turn the MCP server feature on and off. To do so, go to Policies > Agentic permissions and then turn the Local MCP server option on or off as needed.
Before you can use the MCP server, you’ll need to turn the feature on and configure your MCP client.

Step 1: Turn on access to the MCP server

To turn on the MCP server:
  1. In 1Password, go to Settings > Labs, then select MCP Server.
  2. Turn on the Enable local MCP server toggle.
  3. Navigate to Settings > Developer and select Integrate with MCP clients.
Next, you’ll need to configure 1Password as a local MCP server within your AI tool.

Step 2: Configure your MCP client

To configure the 1Password MCP Server for Codex:
  1. In Codex, go to MCP servers and select + Add server. Make sure the toggle is turned on.
  2. Set the path in the Command to launch field.
    • For Mac, use: /Applications/1Password.app/Contents/MacOS/onepassword-mcp
    • For Linux, use: ./dist/onepassword-mcp
Next, update your AGENTS.md file to instruct Codex to explicitly use the MCP server without needing to ask. To do this, go to Personalization and fill in the Custom instructions field. For example, add the instruction: “Always use the 1Password MCP server if you need to work with the 1Password developer environments without me having to explicitly ask.”

Example prompts

After your MCP client is configured, you can prompt it to perform tasks like:
  • “List my 1Password Environments”
  • “Create a local .env mount here”
  • “Show me the variable names in my project environment”
  • “Add a placeholder variable for my OpenAI API key”
  • “Create a new Environment called my-project”
The 1Password desktop app may prompt for approval when your MCP client connects to the MCP server or accesses an Environment.
