# Secure AI access

> Use 1Password to securely provide secrets to AI agents and protect your AI workflow credentials.

AI tools and agents are increasingly used for tasks that require credentials such as passwords, API tokens, and one-time password codes. When you supply these credentials in plaintext, for example by pasting a secret directly into an agentic browser when prompted to sign in, your secrets can leak into the LLM context.

Storing API tokens for AI services in plaintext creates another risk. Hardcoded tokens in `.env` files, `mcp.json` files, and config files can be committed to source control or accidentally shared, allowing anyone who finds them to access your accounts.

1Password gives you secure ways to provide secrets to AI tools and agents. Store your credentials in 1Password, then load them into your AI workflows without exposing them in plaintext or allowing agents to directly handle your secrets.

<CardGroup cols={1}>
  <Card title="The security principles guiding 1Password's approach to AI" href="https://1password.com/blog/security-principles-guiding-1passwords-approach-to-ai" icon="shield-halved">
    How 1Password applies ideas like secrets staying secret, deterministic authorization, auditability, and least privilege when building and integrating AI.
  </Card>
</CardGroup>

## Secure AI API keys

If you use AI services like OpenAI, Anthropic, or Google in your applications or scripts, you may have plaintext API keys stored in environment variables, `.env` files, or shell profiles.

[1Password Environments](/environments) (beta) allow you to manage your API keys and other project secrets together in 1Password, then securely load them into your code when you need them.

To get started:

1. [Create an Environment](/environments) in 1Password and add the API keys and other secrets your AI workflow needs as variables. If you have an existing `.env` file for your project, you can import it.
2. [Create a locally mounted `.env` file](/environments/local-env-file) for the Environment. The contents of this file aren't tracked by Git or stored on disk, and are only available at the moment you access it.
3. [Verify you can access your variables](/environments/local-env-file#verify-with-your-terminal) and make sure they work with your tools.

After you set up the Environment, remove any plaintext API keys stored in your local `.env` files or shell profiles (`~/.zshrc`, `~/.bashrc`).

<Tip>Local `.env` files are currently only supported in 1Password for Mac and Linux. You can also [programmatically read project secrets](/environments/read-environment-variables) from Environments on any platform using the latest beta version of the CLI or SDKs.</Tip>

### Add validation for AI-assisted coding

If you use AI coding agents in tools like Cursor, GitHub Copilot, Claude Code, or Windsurf, you can use [1Password hooks](/environments/agent-hook-validate) to validate that your locally mounted `.env` files are properly configured before the agent executes shell commands.

If any required `.env` files are missing or invalid, the hook prevents the agent from executing the command, and the agent provides instructions for fixing the issue.

<CardGroup cols={3}>
  <Card title="Create and manage Environments" href="/environments" icon="https://mintcdn.com/ab-634991b8/kblVKwG534GVs6ut/static/img/product-icons/light/environments.svg?fit=max&auto=format&n=kblVKwG534GVs6ut&q=85&s=40fd45ddb1099154832a332c40c46c9a" width="33" height="32" data-path="static/img/product-icons/light/environments.svg">
    Store your AI API keys in an Environment.
  </Card>

  <Card title="Access secrets through local .env files" href="/environments/local-env-file" icon="file-lines">
    Sync an Environment to a local `.env` file.
  </Card>

  <Card title="Install the validation hook" href="/environments/cursor-hook-validate" icon="shield-halved">
    Validate locally mounted `.env` files before your agent runs shell commands.
  </Card>
</CardGroup>

## Secure MCP server config files

MCP server configurations (like `mcp.json`) often include API tokens and other credentials as environment variables. Yours might look something like this:

```json
{
  "mcpServers": {
    "github": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-github"],
      "env": {
        "GITHUB_TOKEN": "ghp_your-secret-token"
      }
    }
  }
}
```

Instead of exposing your tokens in plaintext, you can store them in 1Password, then use an [Environment](/environments) (beta) to securely load the secrets as environment variables at runtime.

Your new MCP configuration file should reference the environment variable names for each secret instead of the actual values. For example:

```json
{
  "mcpServers": {
    "github": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-github"],
      "env": {
        "GITHUB_TOKEN": "$GITHUB_TOKEN" 
      }
    }
  }
}
```

To get started with Environments:

1. Install the [latest beta of 1Password CLI](https://app-updates.agilebits.com/product_history/CLI2#beta).
2. [Create an Environment](/environments) in 1Password and add the credentials your MCP server configuration needs as variables.
3. Open the Environment you just created and select **Manage environment** > **Copy environment ID**.
4. Wrap the command to start your MCP server with [`op run --environment`](/environments/read-environment-variables#pass-environment-variables-to-an-application-or-script) to provision your Environment's variables for the duration of the MCP server process:

   ```shell theme={null}
   op run --environment <environmentID> -- <command>
   ```

<Note>
  You can also load your API tokens from 1Password at runtime using `op run` and [secret references](/cli/secret-references).
</Note>
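
To find the plaintext values that the cleanup step under "Secure AI API keys" and the MCP configuration above ask you to replace, you can scan for credential-like variables that hold a literal instead of a reference. This is an added example, not 1Password code; the variable-name heuristic, the function names, and the sample text are assumptions.

```python
import json
import re

# A value is a reference (not a secret) if it is $VAR, ${VAR}, a command
# substitution $(...), or a 1Password secret reference such as op://vault/item/field.
REFERENCE = re.compile(r"^(\$[A-Za-z_]\w*|\$\{[A-Za-z_]\w*\}|\$\(.+\)|op://\S+)$")
# Assumed heuristic: variable names that usually carry credentials.
SENSITIVE = re.compile(r"TOKEN|KEY|SECRET|PASSWORD", re.IGNORECASE)
# Matches `NAME=value` and `export NAME=value` in .env files and shell profiles.
ASSIGNMENT = re.compile(r"^\s*(?:export\s+)?([A-Za-z_]\w*)=(.*)$")


def is_plaintext_secret(name, value):
    """True when a credential-like variable holds a literal instead of a reference."""
    value = value.strip().strip("'\"")
    return bool(value) and bool(SENSITIVE.search(name)) and not REFERENCE.match(value)


def scan_env_text(text):
    """Return (line_number, name) for literal secrets in .env or shell-profile text."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = ASSIGNMENT.match(line)  # commented-out lines do not match
        if match and is_plaintext_secret(*match.groups()):
            hits.append((number, match.group(1)))
    return hits


def scan_mcp_config(text):
    """Return (server, name) for literal secrets in each MCP server's env block."""
    hits = []
    for server, spec in json.loads(text).get("mcpServers", {}).items():
        for name, value in (spec.get("env") or {}).items():
            if isinstance(value, str) and is_plaintext_secret(name, value):
                hits.append((server, name))
    return hits


# Constructed samples; the token strings are placeholders, not real credentials.
PROFILE = 'export PATH="$HOME/bin:$PATH"\nexport OPENAI_API_KEY="sk-placeholder"\nGITHUB_TOKEN=$GITHUB_TOKEN\n# ANTHROPIC_API_KEY=old\n'
MCP_BEFORE = '{"mcpServers": {"github": {"env": {"GITHUB_TOKEN": "ghp_your-secret-token"}}}}'
MCP_AFTER = '{"mcpServers": {"github": {"env": {"GITHUB_TOKEN": "$GITHUB_TOKEN"}}}}'

if __name__ == "__main__":
    # Findings name the variable only, so the value never reaches logs or an agent's context.
    print(scan_env_text(PROFILE))
    print(scan_mcp_config(MCP_BEFORE), scan_mcp_config(MCP_AFTER))
```

The name match is a heuristic, so review each finding before deleting a line, and rotate any key that was already committed or shared.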

## Autofill in browser-based agents (early access)

When browser-based AI agents need to sign in to websites, they typically prompt you to enter your login details manually. This exposes your credentials to the agent and the underlying model.

[1Password Agentic Autofill](/agentic-autofill) (early access) provides a secure alternative. Instead of handing secrets directly to the agent, you tell the agent to sign in using 1Password. When the agent needs to authenticate, 1Password prompts you to approve or deny the request.

If you approve, the 1Password browser extension autofills your login details over an end-to-end encrypted channel and the agent completes the sign-in process without ever seeing your credentials.

Agentic Autofill is currently available through Browserbase Director, a no-code AI agent for web-based tasks.

<CardGroup cols={2}>
  <Card title="Set up Agentic Autofill" href="/agentic-autofill" icon="robot">
    Get started with Agentic Autofill and Browserbase Director.
  </Card>
</CardGroup>

## Authenticate AI command-line tools with biometrics

You can set up [1Password Shell Plugins](/cli/shell-plugins) to authenticate AI command-line tools like [OpenAI CLI](/cli/shell-plugins/openai) or [Claude Code CLI](/cli/shell-plugins/claude-code) using the 1Password desktop app, eliminating the need to store plaintext API keys in your shell profile or environment.

When you use a shell plugin, you authenticate the underlying CLI the same way you unlock the 1Password desktop app, such as with Touch ID, Apple Watch, or a Linux system authentication option. This gives you convenient human-in-the-loop approval.

Shell plugins let you [configure different default credentials in different directories](/cli/shell-plugins/environments), so you can automatically switch between secrets for different projects without needing to take any manual action.

## Get help

To get help, join the discussion in our [Developer community](https://www.1password.community/category/discuss/discussions/developers) or join our [Developer Slack workspace](https://developer.1password.com/joinslack).
