1Password Python SDK

Build integrations that programmatically interact with 1Password.

Documentation | Examples

---

Requirements

The 1Password Python SDK is compatible with:

• python 3.9 or later
• libssl 3
• glibc 2.32 or later

If you're running a Linux distribution that still uses libssl version 1.1.1, such as Debian 11 or Ubuntu 20.04, you'll need to update to a later version of Linux or install the required dependencies.

🚀 Get started

You can choose between two authentication methods for the 1Password Python SDK: local authorization prompts from the 1Password desktop app or automated authentication with a 1Password Service Account.

Option 1: 1Password desktop app

1Password desktop app authentication is best for local integrations that require minimal setup from end users and sensitive workflows that require human-in-the-loop approval. To set up the SDK to authenticate with the 1Password app:

1. Install the 1Password desktop app and sign in to your account in the app.

2. Select your account or collection at the top of the sidebar, then navigate to Settings > Developer.

3. Under Integrate with the 1Password SDKs, select Integrate with other apps.

4. If you want to authenticate with biometrics, navigate to Settings > Security, then turn on the option to unlock using Touch ID, Windows Hello, or system authentication.

5. Install the 1Password Python SDK in your project:

   pip install onepassword-sdk

6. To use the Python SDK in your project, replace your-account-name in the code below with the name of your 1Password account as it appears at the top left sidebar of the 1Password desktop app.

import asyncio
import os
from onepassword.client import Client, DesktopAuth

async def main():
    # Connects to 1Password. Fill in your own integration name and version.
    client = await Client.authenticate(
    auth=DesktopAuth(
        # TODO: Set to your 1Password account name.
        account_name="your-account-name"
    ),
    # TODO: Set to your own integration name and version.
    integration_name="My 1Password Integration",
    integration_version="v1.0.0",
)

    # Retrieves a secret from 1Password. Takes a secret reference as input and returns the secret to which it points.
    value = await client.secrets.resolve("op://vault/item/field")
    # use value here

if __name__ == '__main__':
    asyncio.run(main())

Make sure to use secret reference URIs with the syntax op://vault/item/field to securely load secrets from 1Password into your code.

Option 2: 1Password Service Account

Service account authentication is best for automated access and limiting your integration to least privilege access. To set up the SDK to authenticate with a service account token:

1. Create a service account and give it the appropriate permissions in the vaults where the items you want to use with the SDK are saved.

2. Provision your service account token. We recommend provisioning your token from the environment. For example, to export your token to the OP_SERVICE_ACCOUNT_TOKEN environment variable:

   macOS or Linux

   export OP_SERVICE_ACCOUNT_TOKEN=<your-service-account-token>

   Windows

   $Env:OP_SERVICE_ACCOUNT_TOKEN = "<your-service-account-token>"

3. Install the 1Password Python SDK in your project:

   pip install onepassword-sdk

4. Use the Python SDK in your project:

import asyncio
import os
from onepassword.client import Client

async def main():
    # Gets your service account token from the OP_SERVICE_ACCOUNT_TOKEN environment variable.
    token = os.getenv("OP_SERVICE_ACCOUNT_TOKEN")

    # Connects to 1Password. Fill in your own integration name and version.
    client = await Client.authenticate(auth=token, integration_name="My 1Password Integration", integration_version="v1.0.0")

    # Retrieves a secret from 1Password. Takes a secret reference as input and returns the secret to which it points.
    value = await client.secrets.resolve("op://vault/item/field")
    # use value here

if __name__ == '__main__':
    asyncio.run(main())

Make sure to use secret reference URIs with the syntax op://vault/item/field to securely load secrets from 1Password into your code.

Supported functionality

1Password SDKs are in active development. We're keen to hear what you'd like to see next. Let us know by upvoting or filing an issue.

Item management

Operations:

• Retrieve secrets
• Retrieve items
• Create items
• Update items
• Delete items
• Archive items
• List items
• Share items
• Generate PIN, random and memorable passwords

Field types:

• API Keys
• Passwords
• Concealed fields
• Text fields
• Notes
• SSH private keys, public keys, fingerprint and key type
• One-time passwords
• URLs
• Websites (used to suggest and autofill logins)
• Phone numbers
• Credit card types
• Credit card numbers
• Emails
• References to other items
• Address
• Date
• MM/YY
• File attachments and Document items
• Menu
• Passkeys

Vault management

• Retrieve vaults
• Create vaults
• Update vaults
• Delete vaults
• List vaults
• Manage group vault permissions
• Manage user vault permissions

User & access management

• Provision users
• Retrieve users
• List users
• Suspend users
• Retrieve groups
• List groups
• Create groups
• Update group membership

Environments management

• Read 1Password Environments (beta)

Compliance & reporting

• Watchtower insights
• Travel mode
• Events. For now, use 1Password Events Reporting API directly.

Authentication

• 1Password Service Accounts
• User authentication
• 1Password Connect. For now, use 1Password/connect-sdk-python.

📖 Learn more

• Load secrets
• Read 1Password Environments (beta)
• Manage items
• Manage files
• Share items
• List vaults and items
• Manage vaults
• Manage vault permissions
• Manage groups
• 1Password SDK concepts