A community-built Model Context Protocol (MCP) server that connects MCP-compatible AI clients (Claude Desktop, VS Code Copilot, OpenAI Codex, Gemini, etc.) to 1Password vaults via a Service Account.
Not an official 1Password product. This is a community project.
| Tool | Description |
|---|---|
vault_list |
List all accessible vaults |
item_lookup |
Search items by title in a vault |
item_delete |
Delete an item from a vault |
password_create |
Create a new password/login item |
password_read |
Retrieve a password via secret reference (op://vault/item/field) or vault/item ID |
password_update |
Rotate/update an existing password |
password_generate |
Generate a cryptographically secure random password |
password_generate_memorable |
Generate a memorable passphrase from ~500 dictionary words |
| Prompt | Description |
|---|---|
generate-secure-password |
Guided workflow to generate and store a secure password |
credential-rotation |
Step-by-step credential rotation: read, generate, update, verify |
vault-audit |
Audit vault contents: list items, categorize, flag concerns |
secret-reference-helper |
Construct op://vault/item/field references interactively |
| Resource URI | Description |
|---|---|
1password://config |
Current server configuration (non-secret) |
1password://vaults |
Browsable list of all accessible vaults |
1password://vaults/{vaultId}/items |
Browsable list of items in a vault |
- Node.js >= 18
- A 1Password Service Account token
{
"mcpServers": {
"1password": {
"command": "npx",
"args": ["-y", "@takescake/1password-mcp"],
"env": {
"OP_SERVICE_ACCOUNT_TOKEN": "YOUR_SERVICE_ACCOUNT_TOKEN"
}
}
}
}Option A (stores the token in config):
[mcp_servers."1password"]
command = "npx"
args = ["-y", "@takescake/1password-mcp"]
[mcp_servers."1password".env]
OP_SERVICE_ACCOUNT_TOKEN = "YOUR_SERVICE_ACCOUNT_TOKEN"Option B (recommended: does NOT store the token in Codex config):
[mcp_servers."1password"]
command = "npx"
args = ["-y", "@takescake/1password-mcp"]
env_vars = ["OP_SERVICE_ACCOUNT_TOKEN"]Then set OP_SERVICE_ACCOUNT_TOKEN in your shell/session/CI environment.
Note:
codex mcp add ... --env OP_SERVICE_ACCOUNT_TOKEN=...writes the token into Codex config. Useenv_varsif you want the config to reference only the variable name.
--service-account-token <token> 1Password service account token
--log-level <level> Log level: error, warn, info, debug (default: info)
--integration-name <name> Custom integration name for 1Password SDK
--integration-version <version> Custom integration version
Read this before using.
- LLM privacy risk -- Secrets retrieved/created may be sent to your LLM provider and could be retained depending on your provider/account settings.
- No E2E encryption in MCP -- Secrets are plaintext inside the MCP workflow and in transit to the model. They are encrypted only once stored in 1Password.
- Intended use -- Best for automated/disposable credentials (dev DB creds, bot/service accounts, CI tokens).
- Avoid high-stakes secrets -- Do not use for banking, primary personal accounts, or other sensitive credentials. Use dedicated automation vaults.
- Token security -- Treat the Service Account Token like a master key. Rotate immediately if exposed.
- Config files -- Keep MCP config files out of version control (add to
.gitignore). - Secret references -- Prefer
op://...references over copying raw passwords into prompts or files. - Least privilege -- Use dedicated vaults and limited-scope service accounts for automation workflows.
# Clone and install
git clone https://github.com/CakeRepository/1Password-MCP.git
cd 1Password-MCP
npm install
# Build
npm run build
# Run tests
npm test
# Type-check
npm run lint
# Watch mode (dev)
npm run devsrc/
index.ts # Server entrypoint
types.ts # Shared type definitions
logger.ts # Structured logging (stderr)
config.ts # CLI args, env vars, constants
client.ts # 1Password SDK client singleton
utils.ts # Result helpers, password generation
tools/ # MCP tool handlers
index.ts
vault-list.ts
item-lookup.ts
item-delete.ts
password-create.ts
password-read.ts
password-update.ts
password-generate.ts
password-generate-memorable.ts
prompts/ # MCP prompt definitions
index.ts
resources/ # MCP resource definitions
index.ts
See CONTRIBUTING.md for contribution guidelines.