
Onepassword
Expose 1Password vault items to your agent through the official CLI bridge so deploy and integration work can reference secrets without pasting them into chat.
Overview
1Password MCP is an MCP server for the Ship phase that reads and manages 1Password credentials through the 1Password CLI, authenticating with a service account token and communicating over stdio.
What is this MCP server?
- Stdio MCP server (onepassword-mcp-server v0.5.3) wrapping 1Password CLI with OP_SERVICE_ACCOUNT_TOKEN
- ENABLED_TOOLGROUPS comma list toggles readonly vs write credential tools
- Optional OP_ELICITATION_READ prompts before revealing secrets; DANGEROUSLY_SKIP_ELICITATIONS bypasses all approvals
- SKIP_HEALTH_CHECKS can skip startup credential validation
- npx -y stdio launch from PulseMCP experimental onepassword package
- Server package version 0.5.3, npm identifier onepassword-mcp-server
- OP_SERVICE_ACCOUNT_TOKEN marked required in server schema
- Five environment variables documented including ENABLED_TOOLGROUPS and DANGEROUSLY_SKIP_ELICITATIONS
Community signal: 70 GitHub stars.
What problem does it solve?
Agents need API keys and passwords during ship work, but copying secrets into chats or repo files creates leakage you cannot undo.
Who is it for?
Solo builders already on 1Password who want MCP-gated secret access with readonly-first tool groups during integration and deploy prep.
Skip if: Teams without 1Password CLI and service accounts, or anyone tempted to set DANGEROUSLY_SKIP_ELICITATIONS in production agent hosts.
What do I get? / Deliverables
After registration with OP_SERVICE_ACCOUNT_TOKEN, your agent can request vault-backed credentials through gated tools instead of improvised plaintext storage.
- Agent-callable 1Password tools scoped by readonly and/or write groups
- Startup health checks against credentials unless SKIP_HEALTH_CHECKS is enabled
- Operational pattern for human-approved secret reads when OP_ELICITATION_READ is true
Journey fit
Ship is the canonical phase because credential access matters most when you are wiring APIs, rotating keys, and hardening what the agent can touch before production. Security is the right subphase: the server is explicitly for reading and managing credentials via 1Password CLI with optional readonly vs write tool groups and approval elicitation.
How it compares
MCP secrets bridge via 1Password CLI, not a generic .env manager skill or password generator.
Common Questions / FAQ
Who is 1Password MCP for?
Developers using Claude Code, Cursor, or Codex who centralize secrets in 1Password and need agent tools that respect CLI and service-account access.
When should I use 1Password MCP?
Use it in Ship security when wiring third-party APIs, rotating keys, or letting an agent fetch approved items without pasting secrets into the thread.
How do I add 1Password MCP to my agent?
Configure the stdio server with npx -y onepassword-mcp-server, set the required OP_SERVICE_ACCOUNT_TOKEN, and optionally set ENABLED_TOOLGROUPS and OP_ELICITATION_READ for safer readonly access.
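Before registering the server, the environment block can be checked for the risky settings listed above. The following is an added example, not code from the onepassword-mcp-server project: the "mcpServers" JSON layout, the truthy spellings, the "write" group name and the helper names are assumptions, and the token is a placeholder.

```python
import json

# Constructed sample client config. The "mcpServers" layout is an assumed
# client convention (the page shows no config file); the token is a placeholder.
SAMPLE_CONFIG = json.loads("""
{"mcpServers": {"onepassword": {
    "command": "npx",
    "args": ["-y", "onepassword-mcp-server"],
    "env": {
        "OP_SERVICE_ACCOUNT_TOKEN": "<PLACEHOLDER_TOKEN>",
        "ENABLED_TOOLGROUPS": "readonly,write",
        "DANGEROUSLY_SKIP_ELICITATIONS": "true"
    }
}}}
""")

TRUTHY = {"1", "true", "yes", "on"}  # assumed spellings of an enabled flag


def is_on(env, name):
    return str(env.get(name, "")).strip().lower() in TRUTHY


def audit_server(env):
    """Return findings for one onepassword-mcp-server env block."""
    findings = []
    if not env.get("OP_SERVICE_ACCOUNT_TOKEN"):
        findings.append("OP_SERVICE_ACCOUNT_TOKEN missing (required)")
    if is_on(env, "DANGEROUSLY_SKIP_ELICITATIONS"):
        findings.append("DANGEROUSLY_SKIP_ELICITATIONS bypasses all approvals")
    elif not is_on(env, "OP_ELICITATION_READ"):
        findings.append("OP_ELICITATION_READ off: no prompt before secrets are revealed")
    if is_on(env, "SKIP_HEALTH_CHECKS"):
        findings.append("SKIP_HEALTH_CHECKS skips startup credential validation")
    groups = {g.strip().lower() for g in env.get("ENABLED_TOOLGROUPS", "").split(",")}
    if "write" in groups:  # group name "write" is assumed from the page's wording
        findings.append("ENABLED_TOOLGROUPS enables write credential tools")
    return findings


def audit_config(config):
    """Audit every server entry whose args launch onepassword-mcp-server."""
    return {name: audit_server(srv.get("env", {}))
            for name, srv in config.get("mcpServers", {}).items()
            if "onepassword-mcp-server" in srv.get("args", [])}


if __name__ == "__main__":
    print(json.dumps(audit_config(SAMPLE_CONFIG), indent=2))
```

An empty findings list means the entry is readonly, prompts before reads, and keeps startup health checks.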