Skip to main content

Documentation Index

Fetch the complete documentation index at: https://www.1password.dev/llms.txt

Use this file to discover all available pages before exploring further.

You can use 1Password SDKs to read, write, and update secret values stored in your 1Password items. When managing items, you must use unique identifiers (IDs) in place of vault, item, section, and field names. You can get IDs by listing vaults and items. You can perform item management operations on supported field types. Some field types have special constraints.

Before you get started

Before you begin, follow the steps to get started with a 1Password SDK. The examples on this page assume you have an initialized client instance, except for password generation, which does not require a client. For example: 
package main

import (
	"context"

	"github.com/1password/onepassword-sdk-go"
)

func main() {
	// TODO: Initialize client using your preferred authentication method (see Overview > Get started)
	client, err := onepassword.NewClient(context.Background(),
	)
	if err != nil {
		panic(err)
	}

	// Your code here
}
See the examples folder in the 1Password Go, JavaScript, or Python SDK GitHub repository for full example code you can quickly clone and test in your project.

Create an item

To create a new item, specify the parameters for the item and pass the defined item to the Items().Create() method.The following example creates a Login item with a username, password, one-time password, and a website where 1Password will autofill the credentials.The value of the one-time password field can be either a one-time password secret or an otpauth:// URI. In this example, the one-time password field is organized beneath a custom section.
sectionID := "extraDetails"
itemParams := onepassword.ItemCreateParams{
	Title:    "Login created with the SDK",
	Category: onepassword.ItemCategoryLogin,
	VaultID:  vaultID,
	Fields: []onepassword.ItemField{
		{
			ID:        "username",
			Title:     "username",
			Value:     "Wendy_Appleseed",
			FieldType: onepassword.ItemFieldTypeText,
		},
		{
			ID:        "password",
			Title:     "password",
			Value:     "my_weak_password123",
			FieldType: onepassword.ItemFieldTypeConcealed,
		},
		{
			ID:        "onetimepassword",
			Title:     "one-time password",
			Value:     "otpauth://totp/my-example-otp?secret=jncrjgbdjnrncbjsr&issuer=1Password",
			SectionID: &sectionID,
			FieldType: onepassword.ItemFieldTypeTOTP,
		},
	},
	Sections: []onepassword.ItemSection{
		{
			ID:    sectionID,
			Title: "Extra Details",
		},
	},
	Tags: []string{"test tag1", "test tag 2"},
	Websites: []onepassword.Website{
		{
			URL:              "1password.com",
			AutofillBehavior: onepassword.AutofillBehaviorAnywhereOnWebsite,
			Label:            "my custom website",
		},
	},
}

// Creates a new item based on the structure definition above
createdItem, err := client.Items().Create(context.Background(), itemParams)
if err != nil {
	panic(err)
}

Item parameters

Item parameters include:
ParameterDefinition
TitleThe name of the item.
CategoryThe type of item you want to create.
Supported categories Login, SecureNote, CreditCard, CryptoWallet, Identity, Password, Document, ApiCredentials, BankAccount, Database, DriverLicense, Email, MedicalRecord, Membership, OutdoorLicense, Passport, Rewards, Router, Server, SshKey, SocialSecurityNumber, SoftwareLicense, Person
Vault IDThe ID of the vault where you want to create the item.
FieldsThe item fields.
SectionsThe item sections.
NotesThe item notes.
TagsA list of tags to add to the item.
WebsitesAn optional list of websites where 1Password will suggest and fill the login. Only available for Login and Password items.
A section organizes fields in an item under a section title. Section parameters include:
ParameterDescription
Section IDA unique identifier for the section.
Section TitleThe name of the section.
Field parameters include:
ParameterDescription
IDA unique identifier for the field. For fields that are specific to an item category, like username and password for a Login item, use the appropriate built-in field ids.
TitleThe name of the field.
Field typeThe type of field. Some field types have special constraints.
Supported fields Address, Concealed, CreditCardNumber, CreditCardType, Date, Email, Menu, MonthYear, Notes, Phone, Reference, Text, Totp, Url, SSHKey
ValueThe value stored in the field.
Field DetailsOptional for most field types. Required for Address fields.
Section IDOrganizes a field under a section. Required for all fields except built-in fields like username and password. If you create a custom field without a section, 1Password will create an empty section and assign the field to it.
Autofill website parameters include:
ParameterDescription
URLThe URL for the website.
LabelThe name of the website.
Autofill behaviorWhen 1Password will autofill your credentials on the website. Options include:
  • AnywhereOnWebsite: 1Password autofills credentials on any page that’s part of the website, including subdomains.
  • ExactMatch: 1Password autofills credentials only if the domain (hostname and port) is an exact match.
  • Never: 1Password never autofills credentials on this website.
To manage items that include files, learn how to manage files using 1Password SDKs.

Get an item

To get an item, pass the item ID and vault ID for the item to the Items().Get() method.To get the item created in the first step:
// Retrieves the newly created item
login, err := client.Items().Get(context.Background(), createdItem.VaultID, createdItem.ID)
if err != nil {
	panic(err)
}

Get a one-time password

You can use 1Password SDKs to get the value stored in a field, like the six-digit one-time password code from a Totp field.
To retrieve and print a one-time password from the item created in the first step:
// Retrieve TOTP code from an item
for _, f := range login.Fields {
	if f.FieldType == onepassword.ItemFieldTypeTOTP {
		OTPFieldDetails := f.Details.OTP()
		if OTPFieldDetails.ErrorMessage == nil {
			fmt.Println(*OTPFieldDetails.Code)
		} else {
			panic(*OTPFieldDetails.ErrorMessage)
		}
	}
}

Update an item

To update an item, fetch the item you want to update, specify the changes you want to make, then pass the updated item to the Items().Put() method.
// Retrieves the newly created item
item, err := client.Items().Get(context.Background(), existingVaultID, existingItemID)
if err != nil {
	panic(err)
}

// Finds the field named "Details" and edits its value
for i := range item.Fields {
	if item.Fields[i].Title == "Details" {
		item.Fields[i].Value = "updated details"
	}
}
item.Title = "New Title"
item.Websites = append(item.Websites, onepassword.Website{
	URL:              "2password.com",
	Label:            "my second custom website",
	AutofillBehavior: onepassword.AutofillBehaviorNever,
})

updatedItem, err := client.Items().Put(context.Background(), item)
if err != nil {
	panic(err)
}

Archive an item

To archive an item, pass the item ID and vault ID for the item to the Items().Archive() method.
// Archive a item from your vault.
err := client.Items().Archive(context.Background(), vaultID, itemID)

if err != nil {
	panic(err)
}

Delete an item

To delete an item, pass the item ID and vault ID for the item to the Items().Delete() method.
// Delete a item from your vault.
err := client.Items().Delete(context.Background(), vaultID, itemID)
if err != nil {
	panic(err)
}

Generate a password

You can use the Secrets.GeneratePassword() method to generate a password by passing a PIN, Random, or Memorable password recipe struct, depending on the type of password you want to generate.
Generates a PIN code. You can specify the length of the generated code.
pinPassword, err := onepassword.Secrets.GeneratePassword(context.Background(), onepassword.NewPasswordRecipeTypeVariantPin(&onepassword.PasswordRecipePinInner{Length: 10}))
if err != nil {
	panic(err)
}
fmt.Println(pinPassword.Password)

Manage items in bulk

Create items

You can use the Items().CreateAll() method to batch create up to 100 items within a single vault. Learn more about field type constraints.The following example creates three example items in the vault specified with the vaultId variable. Make sure to set this variable to the unique identifier for the vault where you want to create the items.
sectionID := "extraDetails"
var itemsToCreate []onepassword.ItemCreateParams
for i := 1; i <= 3; i++ {
	itemsToCreate = append(itemsToCreate, onepassword.ItemCreateParams{
		Title:    fmt.Sprintf("Login %d created with the SDK", i),
		Category: onepassword.ItemCategoryLogin,
		VaultID:  vaultID,
		Fields: []onepassword.ItemField{
			{
				ID:        "username",
				Title:     "username",
				Value:     "Wendy_Appleseed",
				FieldType: onepassword.ItemFieldTypeText,
			},
			{
				ID:        "password",
				Title:     "password",
				Value:     "my_weak_password123",
				FieldType: onepassword.ItemFieldTypeConcealed,
			},
			{
				ID:        "onetimepassword",
				Title:     "one-time password",
				Value:     "otpauth://totp/my-example-otp?secret=jncrjgbdjnrncbjsr&issuer=1Password",
				SectionID: &sectionID,
				FieldType: onepassword.ItemFieldTypeTOTP,
			},
		},
		Sections: []onepassword.ItemSection{
			{
				ID:    sectionID,
				Title: "Extra Details",
			},
		},
		Tags: []string{"test tag1", "test tag 2"},
		Websites: []onepassword.Website{
			{
				URL:              "1password.com",
				AutofillBehavior: onepassword.AutofillBehaviorAnywhereOnWebsite,
				Label:            "my custom website",
			},
		},
	})
}

// Create all items in the same vault in a single batch
batchCreateResponse, err := client.Items().CreateAll(context.Background(), vaultID, itemsToCreate)
if err != nil {
	panic(err)
}

var itemIDs []string
for _, res := range batchCreateResponse.IndividualResponses {
	if res.Content != nil {
		fmt.Printf("Created Item %q (%s)\\n", res.Content.Title, res.Content.ID)
		itemIDs = append(itemIDs, res.Content.ID)
	} else if res.Error != nil {
		fmt.Printf("[Batch create] Something went wrong: %s\\n", res.Error)
	}
}

Get items

You can use the Items().GetAll() method to fetch up to 50 items from a specified vault using their unique identifiers.To get the items you created in the previous step:
// Get multiple items form the same vault in a single batch
batchGetResponse, err := client.Items().GetAll(context.Background(), vaultID, itemIDs)
if err != nil {
	panic(err)
}
for _, res := range batchGetResponse.IndividualResponses {
	if res.Content != nil {
		fmt.Printf("Obtained Item %q (%s)\\n", res.Content.Title, res.Content.ID)
	} else if res.Error != nil {
		fmt.Printf("[Batch get] Something went wrong: %s\\n", res.Error)
	}
}

Delete items

You can use the Items().DeleteAll() method to batch delete a list of items from a specified vault using their unique identifiers. Deleted items remain available in Recently Deleted for 30 days.To delete the items you created in the previous step:
// Delete multiple items from the same vault in a single batch
batchDeleteResponse, err := client.Items().DeleteAll(context.Background(), vaultID, itemIDs)
if err != nil {
	panic(err)
}
for id, res := range batchDeleteResponse.IndividualResponses {
	if res.Error != nil {
		fmt.Printf("[Batch delete] Something went wrong: %s\\n", res.Error)
	} else {
		fmt.Printf("Deleted item %s\\n", id)
	}
}

Appendix: Field type constraints

Some supported field types have special requirements and constraints. Use these field definitions inside the fields list when creating or updating an item.

Address

For an Address type item field, the address field’s value is built using the address field’s details, because address string formats can differ according to the country. You must define which piece of the address each particular string corresponds to so that 1Password can properly create the address string. To change the value of an Address field, edit the item field details directly, not the field value. 
address := onepassword.NewItemFieldDetailsTypeVariantAddress(&onepassword.AddressFieldDetails{
	Street:  "123 Main St",
	City:    "Anytown",
	State:   "CA",
	Zip:     "12345",
	Country: "USA",
})
addressField := onepassword.ItemField{
	ID:        "address",
	Title:     "Address",
	SectionID: &sectionID,
	FieldType: onepassword.ItemFieldTypeAddress,
	Value:     "",
	Details:   &address,
}

Date

For a Date type item field, the date field’s value must be a string formatted as YYYY-MM-DD. For example, 1998-03-15. 
{
	ID:        "date",
	Title:     "Date",
	SectionID: &sectionID,
	FieldType: onepassword.ItemFieldTypeDate,
	Value:     "1998-03-15",
},

MonthYear

For a MonthYear type item field, the value must be a string formatted as MM/YYYY. For example, 10/2000. 
{
	ID:        "month_year",
	Title:     "Month Year",
	SectionID: &sectionID,
	FieldType: onepassword.ItemFieldTypeMonthYear,
	Value:     "03/1998",
},

Reference

For a Reference type item field, the reference field’s value must be the unique identifier (ID) of another item that exists within the same vault. This ID should be a 26 character alphanumeric string. For example, vhn2qfnmizg6rw4iqottczq3fy. 
{
	ID:        "reference",
	Title:     "Reference",
	FieldType: onepassword.ItemFieldTypeReference,
	SectionID: &sectionID,
	Value:     "f43hnkatjllm5fsfsmgaqdhv7a",
},

SSH Key

For an SSHKey type item field, the SSH key field’s value must be a valid SSH private key – a decrypted, PEM-encoded string. You can use private key strings generated from the source of your choice, or you can generate SSH keys in your SDK language using that language’s native support. Currently, if you attempt to pass an encrypted private key, you’ll see an error. SSH key fields can only be added to items with the SSH Key category. You can add one SSH key field per item. When you create an item with an SSH key field assigned to it, 1Password will generate a public key, fingerprint, and key type which are stored in the SSH key field details.
The following example shows how to generate a valid SSH private key in Go and adds it to a new SSH Key item in 1Password.
// Generate the RSA key pair
privateKey, err := rsa.GenerateKey(rand.Reader, 4096)
if err != nil {
	panic(err)
}
privBytes, err := x509.MarshalPKCS8PrivateKey(privateKey)
if err != nil {
	panic(err)
}
// Encode the data into PEM format
sshKeyPEMBytes := string(pem.EncodeToMemory(&pem.Block{
	Type:  "PRIVATE KEY",
	Bytes: privBytes,
}))

vaultID := os.Getenv("OP_VAULT_ID")

sectionID := "extraDetails"
itemParams := onepassword.ItemCreateParams{
	Title:    "SSH Key Item Created With Go SDK",
	Category: onepassword.ItemCategorySSHKey,
	VaultID:  vaultID,
	Fields: []onepassword.ItemField{
		{
			ID:        "private_key",
			Title:     "private key",
			Value:     sshKeyPEMBytes,
			FieldType: onepassword.ItemFieldTypeSSHKey,
			SectionID: &sectionID,
		},
	},
	Sections: []onepassword.ItemSection{
		{
			ID:    sectionID,
			Title: "Extra Details",
		},
	},
}

// Creates a new item based on the structure definition above
createdItem, err := client.Items().Create(context.Background(), itemParams)
if err != nil {
	panic(err)
}

// Fetch all SSH key attributes
fmt.Println(createdItem.Fields[0].Value)
if sshAttributes := createdItem.Fields[0].Details.SSHKey(); sshAttributes != nil {
	fmt.Println(createdItem.Fields[0].Details.SSHKey().PublicKey)
	fmt.Println(createdItem.Fields[0].Details.SSHKey().Fingerprint)
	fmt.Println(createdItem.Fields[0].Details.SSHKey().KeyType)
}

TOTP

For a Totp type item field, the TOTP field’s value must either be a valid one-time password URL (for example, otpauth://totp/rsnjfceadiejs?secret=e4dw4xrdq34wd3qw3&issuer=vfsrfesfes), or a one-time password seed (for example, e4dw4xrdq34wd3qw3). 
{
	ID:        "onetimepassword",
	Title:     "One-Time Password URL",
	SectionID: &sectionID,
	FieldType: onepassword.ItemFieldTypeTOTP,
	Value:     "otpauth://totp/my-example-otp?secret=jncrjgbdjnrncbjsr&issuer=1Password",
},

Troubleshooting

If you aren’t able to create, edit, or delete items and see an error that you “don’t have the right permissions to execute this argument,” check your service account’s permissions in the vault where the items are saved:
  1. Sign in to your account on 1Password.com.
  2. Select Developer in the sidebar.
  3. Choose the service account, then confirm that you see Read & Write next to the vault in the Vaults table.
If your service account only has read access, you’ll need to create a new service account with read and write permissions.

Learn more