- Home
- MCP servers
- 1Password
1Password
- typescript
2
GitHub Stars
typescript
Language
4 months ago
First Indexed
2 months ago
Catalog Refreshed
Documentation & install
Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.
Installation
Add the following to your MCP client configuration file.
Configuration
View docs{
"mcpServers": {
"cakerepository-1password-mcp": {
"command": "npx",
"args": [
"-y",
"@takescake/1password-mcp"
],
"env": {
"OP_SERVICE_ACCOUNT_TOKEN": "YOUR_SERVICE_ACCOUNT_TOKEN"
}
}
}
}You can connect MCP-compatible AI clients to your 1Password vaults using a community-built MCP server. It enables secure, programmatic access to vaults and items through predefined tools and prompts, letting you automate password management and vault operations from your AI workflows while using a Service Account for authentication.
How to use
You will run the MCP server with a client that supports the MCP protocol. The server exposes a set of tools to manage vaults and passwords, and provides prompts to guide common workflows such as generating secure passwords, rotating credentials, auditing vault contents, and constructing secret references. To start, configure your MCP client to connect to the 1Password MCP server using the provided runtime command and environment variable for authentication. Once connected, you can list accessible vaults, search for items by title, create and delete items, read and rotate passwords, generate new passwords, and generate memorable passphrases as needed.
How to install
Prerequisites you need before setting up the server are: I. Node.js version 18 or newer II. A 1Password Service Account token to authenticate with your vaults.
Install and run the MCP server using the runtime configuration shown for JSON and TOML setups. Use the exact commands and environment variables as described below.
{
"mcpServers": {
"1password": {
"command": "npx",
"args": ["-y", "@takescake/1password-mcp"],
"env": {
"OP_SERVICE_ACCOUNT_TOKEN": "YOUR_SERVICE_ACCOUNT_TOKEN"
}
}
}
}
[mcp_servers."1password"]
command = "npx"
args = ["-y", "@takescake/1password-mcp"]
env = {"OP_SERVICE_ACCOUNT_TOKEN": "YOUR_SERVICE_ACCOUNT_TOKEN"}
The following are recommended options for storing the token in different clients. In some cases you may prefer not to store the token directly in the client config.
### Claude Desktop / VS Code / IDEs (JSON)
```json
{
"mcpServers": {
"1password": {
"command": "npx",
"args": ["-y", "@takescake/1password-mcp"],
"env": {
"OP_SERVICE_ACCOUNT_TOKEN": "YOUR_SERVICE_ACCOUNT_TOKEN"
}
}
}
}
### OpenAI Codex (TOML) Option A stores the token in config
```toml
[mcp_servers."1password"]
command = "npx"
args = ["-y", "@takescake/1password-mcp"]
[mcp_servers."1password".env]
OP_SERVICE_ACCOUNT_TOKEN = "YOUR_SERVICE_ACCOUNT_TOKEN"
### OpenAI Codex (TOML) Option B uses env var reference
```toml
[mcp_servers."1password"]
command = "npx"
args = ["-y", "@takescake/1password-mcp"]
env_vars = ["OP_SERVICE_ACCOUNT_TOKEN"]
Then set OP_SERVICE_ACCOUNT_TOKEN in your shell/session/CI environment.
CLI options you may use when starting or configuring the MCP server include: --service-account-token, --log-level, --integration-name, and --integration-version. Provide the token via the environment variable OP\_SERVICE\_ACCOUNT\_TOKEN or through the config shown above.
## Additional sections
Security and privacy considerations are important when using the MCP server. Secrets retrieved or created may be transmitted to your large language model provider and stored according to your provider’s policies. There is no end-to-end encryption inside the MCP workflow; secrets are plaintext during transit and only encrypted when stored in 1Password. Use dedicated automation vaults for automation credentials and rotate service tokens if exposed. Keep MCP config files out of version control and prefer secret references using op:// URLs rather than copying raw passwords into prompts.
Development workflow guidelines indicate how to set up and run the project locally. You can clone the repository, install dependencies, build, test, lint, and run in watch mode for development. Use the following sequence to work with the project locally.
git clone https://github.com/CakeRepository/1Password-MCP.git cd 1Password-MCP npm install
Build
npm run build
Run tests
npm test
Type-check
npm run lint
Watch mode (dev)
npm run dev
## Available tools
### vault\_list
List all accessible vaults for the connected service account.
### item\_lookup
Search items by title within a vault to find specific credentials or notes.
### item\_delete
Delete an item from a vault securely.
### password\_create
Create a new password/login item in a selected vault.
### password\_read
Retrieve a password via a secret reference like op://vault/item/field or by item ID.
### password\_update
Rotate or update an existing password to a new value.
### password\_generate
Generate a cryptographically secure random password.
### password\_generate\_memorable
Generate a memorable passphrase from a large dictionary of words.