Security notice: This article demonstrates how to use 1Password developer tools in conjunction with an agentic AI application. It is not our recommended integration approach. Exposing raw credentials directly to an AI model carries significant risks. Where possible, avoid passing secrets to the model. Instead, use short-lived, tightly scoped tokens, implement strong auditing practices, and minimize the model’s access to sensitive data. For more insight into our security recommendations and philosophy, please refer to our blog post: Securing the Agentic Future.
In this tutorial, you’ll learn a workflow for providing credentials stored in 1Password to an AI agent using 1Password SDKs. We’ll walk through the process using an example integration with Anthropic Claude that automatically books a flight with your company credit card, then submits an expense report in Ramp, all without hardcoding any secrets. By the end, you’ll understand how to:
Follow the principle of least privilege to make sure your AI agent only has the minimum access needed to perform your task.
Create a 1Password Service Account with least privilege access to relevant items in your 1Password account.
Create secret reference URIs that point to where your credentials are stored in 1Password, so you can avoid hardcoding your secrets in plaintext.
Use the 1Password SDKs to fetch the secrets your AI agent needs at runtime.
With this workflow, your AI agent can access only the secrets in 1Password it needs to authenticate into services. And you can see what items the agent accesses by creating a service account usage report.
Part 1: Set up a 1Password Service Account scoped to a vault
In the first part of this tutorial, you’ll learn how to use 1Password to follow the security principle of least privilege, which requires that a process only be given the minimum level of access needed to complete its task. To do this, you’ll create a vault in your 1Password account that only contains the secrets your AI agent needs. Then you’ll create a service account that only has read access to the new vault, and can’t access any other items in your account. When your agent authenticates to 1Password using the service account, it won’t have any unnecessary access or permissions beyond the bare minimum.
Step 1: Create a vault that only contains items required for the task
First, create a vault that only contains the credentials you’ll need to perform the task you want the AI agent to complete. For our example, we’ll create a new vault Tutorial that contains our Navan and Ramp logins, and our travel credit card.
Step 2: Create a service account scoped to the vault
Service accounts are a token-based authentication method that you can scope to specific vaults and permissions. For this tutorial, we’ll create a service account that only has read access in the Tutorial vault.
Select Developer in the sidebar. Or, if you already have active applications and services, select Directory at the top of the Developer page.
Under Access Tokens, select Service Account.
Give your service account a name, for example AI Agent Workflow Service Account, then select Next.
On the next screen, you’ll see a list of your 1Password vaults. Select the Tutorial vault you created in the previous step, then select the gear icon next to it. In the permissions dropdown, select Read Items.
Select Create Account.
On the next screen, select Save in 1Password, then save your newly created service account token in the Tutorial vault.
In the second part of this tutorial, you’ll learn how to build an AI agent integration that fetches your credentials from 1Password at runtime. To do this, you’ll use the secrets.resolve() method with secret reference URIs that point to where your credentials are stored in your 1Password account. When the agent runs, 1Password injects the actual secrets referenced by the URIs. This setup makes sure that your agent can only work with the credentials you explicitly provide as secret references in your non-dynamic controller code. This creates a clear boundary between your 1Password account and the AI agent, and prevents the agent from crafting its own requests to 1Password or accessing other credentials.
Before you proceed: Set up a project for your AI agent integration using 1Password SDKs. In the example below, we’ve created an integration using the Python SDK. Learn how to get started with 1Password SDKs.
Define the credentials your AI agent will need using the secrets.resolve() method from the 1Password SDK. You can use placeholder secret references for now – we’ll replace them with real secret references in the next step. In our example, we’ve defined:
Our Navan username and password.
Our travel credit card number, expiration date, and CVC.
Now, provide the AI agent instructions for how to use the credentials you fetched in the previous step. In our example, we instruct the agent to book a flight using our company credit card, then file an expense report for reimbursement.
AI agents can make mistakes. Make sure to double check the results of your prompts.
```python
import asyncio
import os

from browser_use import Agent
from langchain_anthropic import ChatAnthropic
from onepassword.client import Client


async def main():
    # Authenticate with the service account token (read-only, Tutorial vault).
    op_client = await Client.authenticate(
        os.getenv("OP_SERVICE_ACCOUNT_TOKEN"), "1Password Integration", "v0.0.1"
    )

    # Resolve each fixed secret reference to its value at runtime.
    credentials = {
        "x_navan_username": await op_client.secrets.resolve("op://Tutorial/Navan/username"),
        "x_navan_password": await op_client.secrets.resolve("op://Tutorial/Navan/password"),
        "x_travel_credit_card_number": await op_client.secrets.resolve("op://Tutorial/Travel Card/credit_card_number"),
        "x_travel_credit_card_expiration": await op_client.secrets.resolve("op://Tutorial/Travel Card/credit_card_expiration"),
        "x_travel_credit_card_cvc": await op_client.secrets.resolve("op://Tutorial/Travel Card/credit_card_cvc"),
        "x_ramp_username": await op_client.secrets.resolve("op://Tutorial/Ramp/username"),
        "x_ramp_password": await op_client.secrets.resolve("op://Tutorial/Ramp/password"),
    }

    # The instructions name the credentials only by their dictionary keys.
    agent_instructions = """
    Book a round-trip flight for a business trip to San Francisco:
    - Arrival: Monday, April 28, 2025, before 1:00 PM
    - Return: Thursday, May 1, 2025, after 11:00 AM

    Use Navan to find and purchase the flight. Log in using x_navan_username and x_navan_password.
    Use the company credit card stored as x_travel_credit_card_number, x_travel_credit_card_expiration, and x_travel_credit_card_cvc.

    Then open Ramp and create a new expense report for the trip. Log in using x_ramp_username and x_ramp_password.
    Upload the flight receipt and submit the report for reimbursement.
    """

    llm = ChatAnthropic(
        model_name="claude-3-5-sonnet-20240620",
        temperature=0.0,
        timeout=100,
    )

    agent = Agent(
        task=agent_instructions,
        llm=llm,
        sensitive_data=credentials,
    )

    result = await agent.run()
    print(result)


asyncio.run(main())
```
Run the script, and the agent will load your secrets from 1Password and perform the defined tasks.
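A guard the controller code could run before any call to secrets.resolve(), so that every secret reference is a fixed string pointing into the scoped vault and never one assembled from model output. This is an added example, not part of the original tutorial or the 1Password SDK; ALLOWED_VAULT, SecretRef, parse_secret_reference and validate_references are hypothetical names, and the check accepts only the plain op://vault/item/[section/]field form.

```python
# Added example (not 1Password code): allowlist check for secret references.
# ALLOWED_VAULT and all helper names below are assumptions for illustration.
from typing import NamedTuple, Optional

ALLOWED_VAULT = "Tutorial"  # the only vault the service account may read


class SecretRef(NamedTuple):
    vault: str
    item: str
    section: Optional[str]
    field: str


def parse_secret_reference(ref: str) -> SecretRef:
    """Parse op://<vault>/<item>/[section/]<field> or raise ValueError."""
    if not ref.startswith("op://"):
        raise ValueError(f"not a secret reference: {ref!r}")
    body = ref[len("op://"):]
    if "?" in body:  # strict check: query parameters are not accepted here
        raise ValueError(f"unexpected query string: {ref!r}")
    parts = body.split("/")
    if len(parts) not in (3, 4) or any(not p.strip() for p in parts):
        raise ValueError(f"malformed secret reference: {ref!r}")
    vault, item, *middle, field = parts
    return SecretRef(vault, item, middle[0] if middle else None, field)


def validate_references(refs: dict) -> dict:
    """Return parsed references; raise if any points outside ALLOWED_VAULT."""
    parsed = {}
    for name, ref in refs.items():
        sref = parse_secret_reference(ref)
        if sref.vault != ALLOWED_VAULT:
            raise PermissionError(f"{name}: vault {sref.vault!r} is not allowed")
        parsed[name] = sref
    return parsed


# Constructed sample: two of the references used in the tutorial's script.
REFERENCES = {
    "x_navan_username": "op://Tutorial/Navan/username",
    "x_travel_credit_card_cvc": "op://Tutorial/Travel Card/credit_card_cvc",
}

if __name__ == "__main__":
    for name, sref in validate_references(REFERENCES).items():
        print(name, "->", sref)  # prints references only, never secret values
```

The service account scope remains the enforcing control; this check fails early in the controller if a reference is mistyped or edited to point at another vault.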
In this tutorial, you learned how to provide an AI agent with access credentials to perform a specific task, without hardcoding any secrets or giving the agent unnecessary access permissions. You can modify the provided example to work with other AI agents or language models, and extend it to support a wide range of tasks.