Skip to main content
Use 1Password to store sensitive data like passwords and API keys. Values are retrieved at runtime without exposing secrets in your workflow.

Setup

Create an Item in 1Password

  1. Go to my.1password.com
  2. Open an existing vault or click New Vault to create one
  3. Click New Item and choose a category (e.g. Login or Password)
  4. Fill in the fields you want to retrieve (e.g. a field named password)
  5. Save the item and note the vault name, item name, and field name — you’ll use these in secure_parameters

Get Service Account Token

  1. Go to my.1password.com
  2. Create a service account
  3. Copy the token

Configure Environment

Add it directly on the Integrations page of the dashboard, or if you are running locally, add to your .env file: 
OP_SERVICE_ACCOUNT_TOKEN=your_service_account_token

Usage

Move parameters from input_parameters to secure_parameters: Before: 
{
  "input_parameters": {
    "password": ["password_value"]
  }
}
After: 
{
  "secure_parameters": {
    "password": [{
      "onepassword": {
        "vault_name": "my_vault",
        "item_name": "my_login",
        "field_name": "password"
      }
    }]
  }
}

Properties

PropertyDescription
vault_name1Password vault name
item_nameItem name in vault
field_nameField to retrieve
typeSet to "totp_secret" to generate TOTP codes
digitsRequired when type is "totp_secret" (e.g., 6)

TOTP from 1Password

Retrieve TOTP secret and generate codes: 
{
  "secure_parameters": {
    "auth_code": [{
      "onepassword": {
        "type": "totp_secret",
        "vault_name": "vault",
        "item_name": "login",
        "field_name": "totp_secret",
        "digits": 6
      }
    }]
  }
}
See TOTP Integration for more 2FA options.

Revoking Access

Revoke the service account token anytime from the 1Password dashboard.