1password

16authSTDIOregistry active

Summary

Connects Claude and other MCP clients to 1Password vaults via service accounts. Exposes eight tools covering the full credential lifecycle: vault and item listing, password CRUD operations, secure generation (random or memorable passphrases), and lookups via secret references like op://vault/item/field. Ships with four guided prompts for common workflows like credential rotation and vault audits. Best suited for managing automated or disposable credentials in CI/CD pipelines, dev environments, and bot accounts rather than high-stakes personal secrets. Secrets flow through the LLM in plaintext, so treat this like any other automation tooling. Supports macOS Keychain integration to keep tokens out of config files.

CodeRabbit

AI writes the code. CodeRabbit catches the slop.

Try For Free →

Keep your Mac awake

Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.

One time payment $9 →

Context.dev

Integrate web data into your AI product. One API to scrape website & brand data.

Get API Key Now →

Make your agent a DeFi expert

Agent, run crypto. Access onchain data & trade routes via 1inch.

Install now →

Make money from your Skills

On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.

Start earning →

AppSignal

Monitor with ease. Code with confidence.

Start Free Trial →

CodeRabbit

AI writes the code. CodeRabbit catches the slop.

Try For Free →

Keep your Mac awake

Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.

One time payment $9 →

Context.dev

Integrate web data into your AI product. One API to scrape website & brand data.

Get API Key Now →

Make your agent a DeFi expert

Agent, run crypto. Access onchain data & trade routes via 1inch.

Install now →

Make money from your Skills

On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.

Start earning →

AppSignal

Monitor with ease. Code with confidence.

Start Free Trial →

1Password MCP Server

A community-built Model Context Protocol (MCP) server that connects MCP-compatible AI clients (Claude Desktop, VS Code Copilot, OpenAI Codex, Gemini, etc.) to 1Password vaults via a Service Account.

Not an official 1Password product. This is a community project.

Features

Tools (8)

Tool	Description
`vault_list`	List all accessible vaults
`item_lookup`	Search items by title in a vault
`item_delete`	Delete an item from a vault
`password_create`	Create a new password/login item
`password_read`	Retrieve a password via secret reference (`op://vault/item/field`) or vault/item ID
`password_update`	Rotate/update an existing password
`password_generate`	Generate a cryptographically secure random password
`password_generate_memorable`	Generate a memorable passphrase from ~500 dictionary words

Prompts (4)

Prompt	Description
`generate-secure-password`	Guided workflow to generate and store a secure password
`credential-rotation`	Step-by-step credential rotation: read, generate, update, verify
`vault-audit`	Audit vault contents: list items, categorize, flag concerns
`secret-reference-helper`	Construct `op://vault/item/field` references interactively

Resources (3)

Resource URI	Description
`1password://config`	Current server configuration (non-secret)
`1password://vaults`	Browsable list of all accessible vaults
`1password://vaults/{vaultId}/items`	Browsable list of items in a vault

Quick Start

Prerequisites

Node.js >= 18
A 1Password Service Account token

Claude Desktop / VS Code / IDEs (JSON)

{
  "mcpServers": {
    "1password": {
      "command": "npx",
      "args": ["-y", "@takescake/1password-mcp"],
      "env": {
        "OP_SERVICE_ACCOUNT_TOKEN": "YOUR_SERVICE_ACCOUNT_TOKEN"
      }
    }
  }
}

macOS Keychain (JSON)

If you do not want to store the service account token directly in your MCP config, macOS users can store it in Keychain and configure the server to read it at startup instead:

{
  "mcpServers": {
    "1password": {
      "command": "npx",
      "args": ["-y", "@takescake/1password-mcp"],
      "env": {
        "OP_KEYCHAIN_SERVICE": "op-service-account-claude-automation",
        "OP_KEYCHAIN_ACCOUNT": "your-macos-username"
      }
    }
  }
}

Precedence is: CLI arguments (--service-account-token / --token) > OP_SERVICE_ACCOUNT_TOKEN > macOS Keychain lookup. OP_KEYCHAIN_ACCOUNT is optional if your Keychain service name is already unique enough.

OpenAI Codex (TOML)

Option A (stores the token in config):

[mcp_servers."1password"]
command = "npx"
args = ["-y", "@takescake/1password-mcp"]

[mcp_servers."1password".env]
OP_SERVICE_ACCOUNT_TOKEN = "YOUR_SERVICE_ACCOUNT_TOKEN"

Option B (recommended: does NOT store the token in Codex config):

[mcp_servers."1password"]
command = "npx"
args = ["-y", "@takescake/1password-mcp"]
env_vars = ["OP_SERVICE_ACCOUNT_TOKEN"]

Then set OP_SERVICE_ACCOUNT_TOKEN in your shell/session/CI environment.

Note: codex mcp add ... --env OP_SERVICE_ACCOUNT_TOKEN=... writes the token into Codex config. Use env_vars if you want the config to reference only the variable name.

On macOS, you can also omit OP_SERVICE_ACCOUNT_TOKEN and set OP_KEYCHAIN_SERVICE (plus optional OP_KEYCHAIN_ACCOUNT) to read the token from Keychain at startup.

CLI Options

--service-account-token <token>   1Password service account token
--log-level <level>               Log level: error, warn, info, debug (default: info)
--integration-name <name>         Custom integration name for 1Password SDK
--integration-version <version>   Custom integration version

Security & Privacy

Read this before using.

LLM privacy risk -- Secrets retrieved/created may be sent to your LLM provider and could be retained depending on your provider/account settings.
No E2E encryption in MCP -- Secrets are plaintext inside the MCP workflow and in transit to the model. They are encrypted only once stored in 1Password.
Intended use -- Best for automated/disposable credentials (dev DB creds, bot/service accounts, CI tokens).
Avoid high-stakes secrets -- Do not use for banking, primary personal accounts, or other sensitive credentials. Use dedicated automation vaults.
Token security -- Treat the Service Account Token like a master key. Rotate immediately if exposed.
Config files -- Keep MCP config files out of version control (add to .gitignore).
Secret references -- Prefer op://... references over copying raw passwords into prompts or files.
Least privilege -- Use dedicated vaults and limited-scope service accounts for automation workflows.

Development

# Clone and install
git clone https://github.com/CakeRepository/1Password-MCP.git
cd 1Password-MCP
npm install

# Build
npm run build

# Run tests
npm test

# Type-check
npm run lint

# Watch mode (dev)
npm run dev

Project Structure

src/
  index.ts              # Server entrypoint
  types.ts              # Shared type definitions
  logger.ts             # Structured logging (stderr)
  config.ts             # CLI args, env vars, constants
  client.ts             # 1Password SDK client singleton
  utils.ts              # Result helpers, password generation
  tools/                # MCP tool handlers
    index.ts
    vault-list.ts
    item-lookup.ts
    item-delete.ts
    password-create.ts
    password-read.ts
    password-update.ts
    password-generate.ts
    password-generate-memorable.ts
  prompts/              # MCP prompt definitions
    index.ts
  resources/            # MCP resource definitions
    index.ts

See CONTRIBUTING.md for contribution guidelines.

License

Apache License 2.0

Featured

CodeRabbit

AI writes the code. CodeRabbit catches the slop.

Try For Free →

Keep your Mac awake

Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.

One time payment $9 →

Context.dev

Integrate web data into your AI product. One API to scrape website & brand data.

Get API Key Now →

Make your agent a DeFi expert

Agent, run crypto. Access onchain data & trade routes via 1inch.

Install now →

Make money from your Skills

On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.

Start earning →

AppSignal

Monitor with ease. Code with confidence.

Start Free Trial →

Configuration

OP_SERVICE_ACCOUNT_TOKEN*secret

The Service Account Token from 1Password

Registryactive

Package@takescake/1password-mcp

TransportSTDIO

AuthRequired

UpdatedFeb 6, 2026

View on GitHub

1Password MCP Server

Not an official 1Password product. This is a community project.

Features

Tools (8)

Tool	Description
`vault_list`	List all accessible vaults
`item_lookup`	Search items by title in a vault
`item_delete`	Delete an item from a vault
`password_create`	Create a new password/login item
`password_read`	Retrieve a password via secret reference (`op://vault/item/field`) or vault/item ID
`password_update`	Rotate/update an existing password
`password_generate`	Generate a cryptographically secure random password
`password_generate_memorable`	Generate a memorable passphrase from ~500 dictionary words

Prompts (4)

Prompt	Description
`generate-secure-password`	Guided workflow to generate and store a secure password
`credential-rotation`	Step-by-step credential rotation: read, generate, update, verify
`vault-audit`	Audit vault contents: list items, categorize, flag concerns
`secret-reference-helper`	Construct `op://vault/item/field` references interactively

Resources (3)

Resource URI	Description
`1password://config`	Current server configuration (non-secret)
`1password://vaults`	Browsable list of all accessible vaults
`1password://vaults/{vaultId}/items`	Browsable list of items in a vault

Quick Start

Prerequisites

Node.js >= 18
A 1Password Service Account token

Claude Desktop / VS Code / IDEs (JSON)

{
  "mcpServers": {
    "1password": {
      "command": "npx",
      "args": ["-y", "@takescake/1password-mcp"],
      "env": {
        "OP_SERVICE_ACCOUNT_TOKEN": "YOUR_SERVICE_ACCOUNT_TOKEN"
      }
    }
  }
}

macOS Keychain (JSON)

If you do not want to store the service account token directly in your MCP config, macOS users can store it in Keychain and configure the server to read it at startup instead:

{
  "mcpServers": {
    "1password": {
      "command": "npx",
      "args": ["-y", "@takescake/1password-mcp"],
      "env": {
        "OP_KEYCHAIN_SERVICE": "op-service-account-claude-automation",
        "OP_KEYCHAIN_ACCOUNT": "your-macos-username"
      }
    }
  }
}

OpenAI Codex (TOML)

Option A (stores the token in config):

[mcp_servers."1password"]
command = "npx"
args = ["-y", "@takescake/1password-mcp"]

[mcp_servers."1password".env]
OP_SERVICE_ACCOUNT_TOKEN = "YOUR_SERVICE_ACCOUNT_TOKEN"

Option B (recommended: does NOT store the token in Codex config):

[mcp_servers."1password"]
command = "npx"
args = ["-y", "@takescake/1password-mcp"]
env_vars = ["OP_SERVICE_ACCOUNT_TOKEN"]

Then set OP_SERVICE_ACCOUNT_TOKEN in your shell/session/CI environment.

Note: codex mcp add ... --env OP_SERVICE_ACCOUNT_TOKEN=... writes the token into Codex config. Use env_vars if you want the config to reference only the variable name.

On macOS, you can also omit OP_SERVICE_ACCOUNT_TOKEN and set OP_KEYCHAIN_SERVICE (plus optional OP_KEYCHAIN_ACCOUNT) to read the token from Keychain at startup.

CLI Options

--service-account-token <token>   1Password service account token
--log-level <level>               Log level: error, warn, info, debug (default: info)
--integration-name <name>         Custom integration name for 1Password SDK
--integration-version <version>   Custom integration version

Security & Privacy

Read this before using.

LLM privacy risk -- Secrets retrieved/created may be sent to your LLM provider and could be retained depending on your provider/account settings.
No E2E encryption in MCP -- Secrets are plaintext inside the MCP workflow and in transit to the model. They are encrypted only once stored in 1Password.
Intended use -- Best for automated/disposable credentials (dev DB creds, bot/service accounts, CI tokens).
Avoid high-stakes secrets -- Do not use for banking, primary personal accounts, or other sensitive credentials. Use dedicated automation vaults.
Token security -- Treat the Service Account Token like a master key. Rotate immediately if exposed.
Config files -- Keep MCP config files out of version control (add to .gitignore).
Secret references -- Prefer op://... references over copying raw passwords into prompts or files.
Least privilege -- Use dedicated vaults and limited-scope service accounts for automation workflows.

Development

# Clone and install
git clone https://github.com/CakeRepository/1Password-MCP.git
cd 1Password-MCP
npm install

# Build
npm run build

# Run tests
npm test

# Type-check
npm run lint

# Watch mode (dev)
npm run dev

Project Structure

src/
  index.ts              # Server entrypoint
  types.ts              # Shared type definitions
  logger.ts             # Structured logging (stderr)
  config.ts             # CLI args, env vars, constants
  client.ts             # 1Password SDK client singleton
  utils.ts              # Result helpers, password generation
  tools/                # MCP tool handlers
    index.ts
    vault-list.ts
    item-lookup.ts
    item-delete.ts
    password-create.ts
    password-read.ts
    password-update.ts
    password-generate.ts
    password-generate-memorable.ts
  prompts/              # MCP prompt definitions
    index.ts
  resources/            # MCP resource definitions
    index.ts

See CONTRIBUTING.md for contribution guidelines.

License

Apache License 2.0