Skip to main content

Documentation Index

Fetch the complete documentation index at: https://www.1password.dev/llms.txt

Use this file to discover all available pages before exploring further.

AI tools and agents are increasingly being used for tasks that require credentials like passwords, API tokens, and one-time password codes to complete. When you supply these credentials in plaintext, like by pasting a secret directly into an agentic browser when prompted to sign in, your secrets can leak into the LLM context. Storing API tokens for AI services in plaintext creates another risk. Hardcoded tokens in .env files, mcp.json files, and config files can be committed to source control or accidentally shared, allowing anyone who finds them to access your accounts. 1Password gives you secure ways to provide secrets to AI tools and agents. Store your credentials in 1Password, then load them into your AI workflows without exposing them in plaintext or allowing agents to directly handle your secrets.

The security principles guiding 1Password's approach to AI

How 1Password applies ideas like secrets staying secret, deterministic authorization, auditability, and least privilege when building and integrating AI.

Secure AI API keys

If you use AI services like OpenAI, Anthropic, or Google in your applications or scripts, you may have plaintext API keys stored in environment variables, .env files, or shell profiles. 1Password Environments (beta) allow you to manage your API keys and other project secrets together in 1Password, then securely load them into your code when you need them. To get started:
  1. Create an Environment in 1Password and add the API keys and other secrets your AI workflow needs as variables. If you have an existing .env file for your project, you can import it.
  2. Create a locally mounted .env file for the Environment. The contents of this file aren’t tracked by Git or stored on disk, and are only available at the moment you access it.
  3. Verify you can access your variables and make sure they work with your tools.
After you set up the Environment, remove any plaintext API keys stored in your local .env files or shell profiles (~/.zshrc, ~/.bashrc).
Local .env files are currently only supported in 1Password for Mac and Linux. You can also programmatically read project secrets from Environments on any platform using the latest beta version of the CLI or SDKs.

Add validation for AI-assisted coding

If you use AI coding agents in tools like Cursor, GitHub Copilot, Claude Code, or Windsurf, you can use 1Password hooks to validate that your locally mounted .env files are properly configured before the agent executes shell commands. If any required .env files are missing or invalid, the hook prevents the agent from executing and the agent provides instructions for how to fix the issue.
https://mintcdn.com/ab-634991b8/kblVKwG534GVs6ut/static/img/product-icons/light/environments.svg?fit=max&auto=format&n=kblVKwG534GVs6ut&q=85&s=40fd45ddb1099154832a332c40c46c9a

Create and manage Environments

Store your AI API keys in an Environment.

Access secrets through local .env files

Sync an Environment to a local .env file.

Install the validation hook

Validate locally mounted .env files before your agent runs shell commands.

Secure MCP server config files

MCP server configurations (like mcp.json) often include API tokens and other credentials as environment variables. Yours might look something like this: 
{
  "mcpServers": {
    "github": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-github"],
      "env": {
        "GITHUB_TOKEN": "ghp_your-secret-token"
      }
    }
  }
}
Instead of exposing your tokens in plaintext, you can store them in 1Password, then use an Environment (beta) to securely load the secrets as environment variables at runtime. Your new MCP configuration file should reference the environment variable names for each secret instead of the actual values. For example: 
{
  "mcpServers": {
    "github": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-github"],
      "env": {
        "GITHUB_TOKEN": "$GITHUB_TOKEN" 
      }
    }
  }
}
To get started with Environments:
  1. Install the latest beta of 1Password CLI.
  2. Create an Environment in 1Password and add the credentials your MCP server configuration needs as variables.
  3. Open the Environment you just created and select Manage environment > Copy environment ID.
  4. Wrap the command to start your MCP server with op run --environment to provision your Environment’s variables for the duration of the MCP server process: 
    op run --environment <environmentID> -- <command>
You can also load your API tokens from 1Password at runtime using op run and secret references.

Autofill in browser-based agents (early access)

When browser-based AI agents need to sign in to websites, they typically prompt you to enter your login details manually. This exposes your credentials to the agent and the underlying model. 1Password Agentic Autofill (early access) provides a secure alternative. Instead of handing secrets directly to the agent, you tell the agent to sign in using 1Password. When the agent needs to authenticate, 1Password prompts you to approve or deny the request. If you approve, the 1Password browser extension autofills your login details over an end-to-end encrypted channel and the agent completes the sign-in process without ever seeing your credentials. Agentic Autofill is currently available through Browserbase Director, a no-code AI agent for web-based tasks.

Set up Agentic Autofill

Get started with Agentic Autofill and Browserbase Director.

Authenticate AI command-line tools with biometrics

You can set up 1Password Shell Plugins to authenticate AI command-line tools like OpenAI CLI or Claude Code CLI using the 1Password desktop app, eliminating the need to store plaintext API keys in your shell profile or environment. When you use a shell plugin, you authenticate the underlying CLI in the same way you unlock the 1Password desktop app, like with Touch ID, Apple Watch, or a Linux system authentication option, which enables convenient human-in-the-loop approval.
Shell plugins let you configure different default credentials in different directories, so you can automatically switch between secrets for different projects without needing to take any manual action.

Get help

To get help, join the discussion in our Developer community or join our Developer Slack workspace.