Skip to main content
Use 1Password to store sensitive data like passwords and API keys. Values are retrieved at runtime without exposing secrets in your automation definition.

Setup

Get Service Account Token

  1. Go to my.1password.com
  2. Create a service account
  3. Copy the token

Configure Environment

Add to your .env file: 
OP_SERVICE_ACCOUNT_TOKEN=your_service_account_token

Usage

Move parameters from input_parameters to secure_parameters: Before: 
{
  "input_parameters": {
    "password": ["password_value"]
  }
}
After: 
{
  "secure_parameters": {
    "password": [{
      "onepassword": {
        "type": "raw",
        "vault_name": "my_vault",
        "item_name": "my_login",
        "field_name": "password"
      }
    }]
  }
}

Properties

PropertyDescription
type"raw" for direct values, "totp_secret" for TOTP codes
vault_name1Password vault name
item_nameItem name in vault
field_nameField to retrieve
digitsRequired for totp_secret (e.g., 6)

TOTP from 1Password

Retrieve TOTP secret and generate codes: 
{
  "secure_parameters": {
    "auth_code": [{
      "onepassword": {
        "type": "totp_secret",
        "vault_name": "vault",
        "item_name": "login",
        "field_name": "totp_secret",
        "digits": 6
      }
    }]
  }
}
See TOTP Integration for more 2FA options.

Revoking Access

Revoke the service account token anytime from the 1Password dashboard.