1password
Expose 1Password vault items to coding agents via a service account without copying secrets into repos.
Overview
1Password MCP is an MCP server for the Ship phase that exposes vault tools and resources to agents using a 1Password service account token.
What is this MCP server?
- MCP tools and resources for 1Password service accounts (v2.0.3)
- Stdio transport via npm @takescake/1password-mcp
- Requires OP_SERVICE_ACCOUNT_TOKEN (secret env var)
- Vault and credential access designed for agent workflows, not browser-only unlock
- Version 2.0.3; registry npm @takescake/1password-mcp
- One required secret env: OP_SERVICE_ACCOUNT_TOKEN
- Transport: stdio
Community signal: 16 GitHub stars.
What problem does it solve?
Agents and local scripts need API keys without pasting them into chats or committing .env files.
Who is it for?
Builders already on 1Password service accounts who want MCP-native secret fetch for coding agents.
Skip if: Personal 1Password without service accounts, teams forbidding automated vault access, or hosts that cannot run stdio npm MCP.
What do I get? / Deliverables
After install, your agent can resolve named credentials from scoped vaults through MCP instead of static env copies.
- Configured MCP server with scoped vault access
- Agent-callable tools/resources for credential lookup by item
Recommended MCP Servers
Journey fit
How it compares
1Password service-account MCP adapter, not a generic password generator skill.
Common Questions / FAQ
Who is 1password MCP for?
Developers using 1Password service accounts who want Claude, Cursor, or Codex to read vault items through MCP safely.
When should I use 1password MCP?
Use it while shipping—configuring deploy keys, third-party API tokens, and agent runtimes—before secrets spread across repos.
How do I add 1password MCP to my agent?
Set OP_SERVICE_ACCOUNT_TOKEN in your MCP server env, add @takescake/1password-mcp (stdio) to your client config, then restart the host.