A community-built Model Context Protocol (MCP) server that connects MCP-compatible AI clients (Claude Desktop, VS Code Copilot, OpenAI Codex, Gemini, etc.) to 1Password vaults via a Service Account.
Not an official 1Password product. This is a community project.
| Tool | Description |
|---|---|
vault_list |
List all accessible vaults |
item_lookup |
Search items by title in a vault |
item_delete |
Delete an item from a vault |
password_create |
Create a new password/login item |
password_read |
Retrieve a password via secret reference (op://vault/item/field) or vault/item ID |
password_update |
Rotate/update an existing password |
password_generate |
Generate a cryptographically secure random password |
password_generate_memorable |
Generate a memorable passphrase from ~500 dictionary words |
| Prompt | Description |
|---|---|
generate-secure-password |
Guided workflow to generate and store a secure password |
credential-rotation |
Step-by-step credential rotation: read, generate, update, verify |
vault-audit |
Audit vault contents: list items, categorize, flag concerns |
secret-reference-helper |
Construct op://vault/item/field references interactively |
| Resource URI | Description |
|---|---|
1password://config |
Current server configuration (non-secret) |
1password://vaults |
Browsable list of all accessible vaults |
1password://vaults/{vaultId}/items |
Browsable list of items in a vault |
- Node.js >= 18
- A 1Password Service Account token
{
"mcpServers": {
"1password": {
"command": "npx",
"args": ["-y", "@takescake/1password-mcp"],
"env": {
"OP_SERVICE_ACCOUNT_TOKEN": "YOUR_SERVICE_ACCOUNT_TOKEN"
}
}
}
}If you do not want to store the service account token directly in your MCP config, macOS users can store it in Keychain and configure the server to read it at startup instead:
{
"mcpServers": {
"1password": {
"command": "npx",
"args": ["-y", "@takescake/1password-mcp"],
"env": {
"OP_KEYCHAIN_SERVICE": "op-service-account-claude-automation",
"OP_KEYCHAIN_ACCOUNT": "your-macos-username"
}
}
}
}Precedence is: CLI arguments (--service-account-token / --token) > OP_SERVICE_ACCOUNT_TOKEN > macOS Keychain lookup. OP_KEYCHAIN_ACCOUNT is optional if your Keychain service name is already unique enough.
Option A (stores the token in config):
[mcp_servers."1password"]
command = "npx"
args = ["-y", "@takescake/1password-mcp"]
[mcp_servers."1password".env]
OP_SERVICE_ACCOUNT_TOKEN = "YOUR_SERVICE_ACCOUNT_TOKEN"Option B (recommended: does NOT store the token in Codex config):
[mcp_servers."1password"]
command = "npx"
args = ["-y", "@takescake/1password-mcp"]
env_vars = ["OP_SERVICE_ACCOUNT_TOKEN"]Then set OP_SERVICE_ACCOUNT_TOKEN in your shell/session/CI environment.
Note:
codex mcp add ... --env OP_SERVICE_ACCOUNT_TOKEN=...writes the token into Codex config. Useenv_varsif you want the config to reference only the variable name.
On macOS, you can also omit OP_SERVICE_ACCOUNT_TOKEN and set OP_KEYCHAIN_SERVICE (plus optional OP_KEYCHAIN_ACCOUNT) to read the token from Keychain at startup.
--service-account-token <token> 1Password service account token
--log-level <level> Log level: error, warn, info, debug (default: info)
--integration-name <name> Custom integration name for 1Password SDK
--integration-version <version> Custom integration version
Read this before using.
- LLM privacy risk -- Secrets retrieved/created may be sent to your LLM provider and could be retained depending on your provider/account settings.
- No E2E encryption in MCP -- Secrets are plaintext inside the MCP workflow and in transit to the model. They are encrypted only once stored in 1Password.
- Intended use -- Best for automated/disposable credentials (dev DB creds, bot/service accounts, CI tokens).
- Avoid high-stakes secrets -- Do not use for banking, primary personal accounts, or other sensitive credentials. Use dedicated automation vaults.
- Token security -- Treat the Service Account Token like a master key. Rotate immediately if exposed.
- Config files -- Keep MCP config files out of version control (add to
.gitignore). - Secret references -- Prefer
op://...references over copying raw passwords into prompts or files. - Least privilege -- Use dedicated vaults and limited-scope service accounts for automation workflows.
# Clone and install
git clone https://github.com/CakeRepository/1Password-MCP.git
cd 1Password-MCP
npm install
# Build
npm run build
# Run tests
npm test
# Type-check
npm run lint
# Watch mode (dev)
npm run devsrc/
index.ts # Server entrypoint
types.ts # Shared type definitions
logger.ts # Structured logging (stderr)
config.ts # CLI args, env vars, constants
client.ts # 1Password SDK client singleton
utils.ts # Result helpers, password generation
tools/ # MCP tool handlers
index.ts
vault-list.ts
item-lookup.ts
item-delete.ts
password-create.ts
password-read.ts
password-update.ts
password-generate.ts
password-generate-memorable.ts
prompts/ # MCP prompt definitions
index.ts
resources/ # MCP resource definitions
index.ts
See CONTRIBUTING.md for contribution guidelines.