Skip to main content

Documentation Index

Fetch the complete documentation index at: https://www.1password.dev/llms.txt

Use this file to discover all available pages before exploring further.

By the end of this guide, you’ll:
  • Install and configure the 1Password app and CLI.
  • Load project secrets from 1Password instead of plaintext .env files.
  • Use 1Password to approve SSH and Git requests with your fingerprint.

Before you begin

You can authenticate 1Password developer tools in two ways:
  • Local development: Use the 1Password desktop app for fast setup and human-in-the-loop approval with biometrics.
  • Automation and production: Use service accounts for automated workflows with least privilege access.
This guide focuses on local development. For CI/CD, containers, and production workflows, see Secure your deployments.

Step 1: Install the 1Password app

If you haven’t already, sign up for a 1Password account. Then install 1Password for Mac, Windows, or Linux. After you install the app:
  1. Open the 1Password app and select your account or collection at the top of the sidebar.
  2. Navigate to Settings > Security.
  3. Turn on the setting to unlock the app using Touch ID, Windows Hello, or Linux system authentication. This allows you to authenticate most developer tools with your fingerprint.

Step 2: Turn on the 1Password Developer experience

To turn on the developer tools section of the app:
  1. Open the 1Password app and select your account or collection at the top of the sidebar.
  2. Navigate to Settings > Developer.
  3. Turn on Show 1Password Developer experience.
You’ll see a new Developer entry in the sidebar with access to your SSH keys, CLI activity, Environments, and Developer Watchtower.

Step 3: Install 1Password CLI

1Password CLI (op) lets you access secrets and manage your account from your terminal and scripts. It’s the fastest way to start experimenting with 1Password developer tools. To install 1Password CLI, use one of the following package managers, or download the latest release. 
brew install 1password-cli
See the full CLI installation guide for requirements and additional Windows, Linux, and manual installation options.
Then turn on the app integration to sign in with the accounts you’ve added to the app and authenticate commands using your fingerprint.
  1. Open the 1Password app and select your account or collection at the top of the sidebar.
  2. Navigate to Settings > Developer.
  3. Select Integrate with 1Password CLI.
Enter any 1Password CLI command to trigger the authentication prompt to sign in. For example, op vault list lists all the vaults in the authenticated account. 
op vault list

Step 4: Create an Environment (beta)

Environments (beta) are like vaults for your developer credentials. You can manage your project’s environment variables together in an Environment, then securely load each set of secrets directly from 1Password when you need them. Start by creating an Environment for a specific project or development context, like iOS App Staging.
  1. In the 1Password app, go to Developer > Environments.
  2. Select New environment, enter a name, and select Save.
  3. Open the Environment, then select Import .env file to import project secrets from an existing environment file or New variable to add variables manually.
After you create the Environment, you can select Manage environment > Manage access to share it with other people on your team.

Step 5: Choose your first workflow

Start with one of these:

Securely load developer secrets from 1Password

Load your project secrets directly from 1Password when you need them, without exposing your secrets in plaintext.

Simplify your SSH and Git workflows

Store SSH keys in 1Password and approve Git and SSH requests with biometrics.

Securely load developer secrets from 1Password

You can access the project secrets stored in an Environment directly from 1Password using a locally mounted .env file on Mac or Linux. The contents of this file aren’t tracked by Git or stored on disk, and are only available at the moment you access it.
  1. In the 1Password app, go to Developer > Environments and open the Environment you created in step 4.
  2. Select the Destinations tab, then select Configure destination for local .env file.
  3. Select Choose file path and choose the path on your device where you want to create your local .env file, then select Mount .env file.
To confirm you can access your environment variables, open your terminal and navigate to the directory where your local .env file is saved. Then run the following command with the name of your file. 
cat .env
An authorization prompt is shown when you try to access a mounted `.env` file through your local terminal.
You can also programmatically read project secrets from Environments on any platform using the latest beta version of the CLI or SDKs.

Simplify your SSH and Git workflows

1Password’s SSH agent secures your SSH keys by keeping them encrypted and off disk, and also brings biometric authentication to your SSH and Git workflows.

Step 1: Generate or import an SSH key

First generate a new SSH key in 1Password in your Personal, Private, or Employee vault. You can also import an existing key.
  1. Select New Item > SSH Key.
  2. Select Add Private Key > Generate a New Key.
  3. Select an SSH key type, Ed25519 or RSA, then select Generate.
  4. Select Save.
After you generate or import an SSH key, add the public key to your preferred Git service, like GitHub or GitLab.

Step 2: Set up the SSH agent

  1. Open the 1Password app and select your account or collection at the top of the sidebar.
  2. Navigate to Settings > Developer.
  3. Select Use the SSH Agent. Turn on the option to display key names to see which key 1Password is requesting access to.
  4. Follow the steps to configure your SSH or Git client.
A terminal with a git push command, overlaid with a 1Password authorization prompt to approve the request to use an SSH key.
On Windows, the 1Password SSH agent only works with SSH clients that support Microsoft OpenSSH. Learn how to check if the OpenSSH Authentication Agent service is installed and running.
After your client is set up, run a Git or SSH command to test your setup. For example: 
ssh -T git@github.com

Step 3: Set up Git commit signing

You can also use your SSH keys in 1Password to sign Git commits and verify authorship on platforms like GitHub.
  1. Open the SSH key you want to use in your 1Password desktop app.
  2. Select > Configure Commit Signing.
  3. In the next window, select Edit Automatically to add the key to your ~/.gitconfig file.
  4. Register your public key as a signing key in your preferred Git service (such as GitHub or GitLab).
  5. Commit some code. 1Password will prompt you to authenticate the same way you unlock your device, like with your fingerprint.
A Mac terminal showing a git commit command, overlaid with a 1Password prompt asking to authorize the use of a commit signing key with Touch ID.

Next steps

Choose what you want to do next:

Build integrations

Use CLI, SDKs, service accounts, or Connect server.

Secure AI access

Provide credentials to AI agents and tools without exposing them in prompts, LLM context, or config files.

Secure your developer secrets

Learn more about specific configurations for securely loading secrets.

Secure your deployments

Set up CI/CD, containers, and production runtime access.

Secure SSH & Git workflows

Learn more about setting up 1Password for SSH & Git.