Skip to main content

1Password Secrets

Give your AI secure access to 1Password. Never copy-paste an API key into a chat window again. Your AI reads secrets directly from the vault when it needs them. Works with Claude Code, OpenClaw, and any MCP-compatible AI app. Also ships as a Node.js module you can import into your own tools. Fully headless via service accounts … no desktop app, no biometrics, no popups.

Teach Your AI to Use 1Password Secrets

Open your AI and say: 
Read the SKILL.md at github.com/wipcomputer/wip-1password/blob/main/SKILL.md.

Then explain to me:
1. What are these tools?
2. What do they do?
3. What would they change about how we work together?

Then ask me:
- Do you have more questions?
- Do you want to install them?

If I say yes, run: wip-install wipcomputer/wip-1password --dry-run

Show me exactly what will change on my system. When I'm ready, I'll tell you
to install for real.
Your AI will read the repo, explain everything, and do a dry-run install first so you can see exactly what changes before anything is written to your system.

What It Does

  1. Your AI can read and write secrets … API keys, tokens, credentials. No more pasting.
  2. Works in Claude Code out of the box … the connection point hooks up automatically.
  3. Secrets stay off disk … Config files use references, real values only exist in memory.
  4. Debug without exposing secrets … Test connectivity and preview values safely.

Technical Documentation

How It Works

  1. On startup, the resolver service walks openclaw.json and resolves op:// references in memory
  2. On first secret request, the tool reads the service account token from disk
  3. It creates a 1Password SDK client (cached for the session lifetime)
  4. Secrets are resolved via client.secrets.resolve("op://Vault/Item/field")
  5. The SDK talks directly to 1Password’s servers over HTTPS
  6. Secret values exist in memory only … never written to disk or logs
The service account token does not expire (unless you set --expires-in). It survives reboots. No desktop app needed.

Quick Start

1. Install the tool

openclaw plugins install @wipcomputer/wip-1password

2. Set up 1Password

Create a custom vault and service account (service accounts can’t access built-in vaults): 
# Create a vault for AI secrets
op vault create "Agent Secrets"

# Add your API keys
op item create --category "API Credential" --title "OpenAI API" \
  --vault "Agent Secrets" 'api key=YOUR_KEY_HERE'

# Create a read-only service account
op service-account create "OpenClaw Agent" \
  --expires-in 0 \
  --vault "Agent Secrets:read_items"

3. Save the service account token

mkdir -p ~/.openclaw/secrets
echo "ops_..." > ~/.openclaw/secrets/op-sa-token
chmod 600 ~/.openclaw/secrets/op-sa-token

4. Enable the tool

Add to ~/.openclaw/openclaw.json: 
{
  "plugins": {
    "entries": {
      "op-secrets": {
        "enabled": true,
        "config": {
          "defaultVault": "Agent Secrets"
        }
      }
    }
  }
}

5. Test

openclaw op-secrets test

Using op:// References in Config

The tool resolves op://vault/item/field strings in openclaw.json at startup. The real key never appears on disk. 
{
  "someService": {
    "apiKey": "op://Agent Secrets/Some Service/api key"
  }
}
Important: OpenAI API key for memory search. Do NOT put an apiKey in memorySearch.remote. Leave "remote": {} empty. The tool resolves the OpenAI key from 1Password and sets process.env.OPENAI_API_KEY at startup; memory search picks it up from the env var.

AI Tools

op_read_secret … Reads a secret value from 1Password. Parameters: item (required), vault (optional), field (optional, default “api key”). op_list_items … Lists all items in a vault so your AI can discover available secrets. Parameters: vault (optional). op_write_secret … Creates or updates a secret. Requires write_items permission on the service account. Parameters: item (required), value (required), vault (optional), field (optional).

CLI Commands

openclaw op-secrets test                          # Verify 1Password connectivity
openclaw op-secrets read "OpenAI API"             # Read a secret (redacted preview)
openclaw op-secrets resolve ~/.openclaw/openclaw.json  # Dry-run: show which refs would resolve

Limitations

  • auth-profiles.json cannot use op:// refs. This file is loaded by a separate subsystem that the tool can’t hook into. Auth provider tokens must remain as real values in that file.
  • op_write_secret requires write_items permission on the service account. The default setup uses read_items only.
  • Secrets are resolved in memory only. If OpenClaw reloads config from disk mid-session, op:// refs need to be resolved again.

Configuration

Config in openclaw.json under plugins.entries.op-secrets.config:
KeyTypeDefaultDescription
defaultVaultstring"Agent Secrets"Default vault for tool calls
tokenPathstring~/.openclaw/secrets/op-sa-tokenPath to service account token file

Security

  • Service account tokens grant access only to specific vaults you configure
  • The token file is chmod 600 … only the owning user can read it
  • Secret values are never logged, cached, or written to disk by the tool
  • op:// references in config files are safe to commit to version control

Using 1Password in Your Own Projects

Option 1: Use the op CLI (simplest, any language) 
OP_SERVICE_ACCOUNT_TOKEN=$(cat ~/.openclaw/secrets/op-sa-token) \
  op read "op://Agent Secrets/OpenAI API/api key"
Option 2: Use the 1Password JS SDK 
import { createClient } from "@1password/sdk";
import { readFileSync } from "node:fs";

const token = readFileSync(
  `${process.env.HOME}/.openclaw/secrets/op-sa-token`, "utf-8"
).trim();

const client = await createClient({
  auth: token,
  integrationName: "MyProject",
  integrationVersion: "0.1.0",
});

const apiKey = await client.secrets.resolve(
  "op://Agent Secrets/OpenAI API/api key"
);
Option 3: Use the tool’s functions at runtime (OpenClaw AIs only) 
op_read_secret({ item: "OpenAI API", vault: "Agent Secrets", field: "api key" })

License

Dual-license model designed to keep tools free while preventing commercial resellers. 
MIT      All CLI tools, connections, and background integrations (use anywhere, no restrictions).
AGPLv3   Commercial redistribution, marketplace listings, or bundling into paid services.