1Password

Provides MCP access to 1Password vaults, enabling automated vault actions and password management through predefined tools and prompts.
  • typescript

2

GitHub Stars

typescript

Language

4 months ago

First Indexed

2 months ago

Catalog Refreshed

Documentation & install

Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.

Installation

Add the following to your MCP client configuration file.

Configuration

View docs
{
  "mcpServers": {
    "cakerepository-1password-mcp": {
      "command": "npx",
      "args": [
        "-y",
        "@takescake/1password-mcp"
      ],
      "env": {
        "OP_SERVICE_ACCOUNT_TOKEN": "YOUR_SERVICE_ACCOUNT_TOKEN"
      }
    }
  }
}

You can connect MCP-compatible AI clients to your 1Password vaults using a community-built MCP server. It enables secure, programmatic access to vaults and items through predefined tools and prompts, letting you automate password management and vault operations from your AI workflows while using a Service Account for authentication.

How to use

You will run the MCP server with a client that supports the MCP protocol. The server exposes a set of tools to manage vaults and passwords, and provides prompts to guide common workflows such as generating secure passwords, rotating credentials, auditing vault contents, and constructing secret references. To start, configure your MCP client to connect to the 1Password MCP server using the provided runtime command and environment variable for authentication. Once connected, you can list accessible vaults, search for items by title, create and delete items, read and rotate passwords, generate new passwords, and generate memorable passphrases as needed.

How to install

Prerequisites you need before setting up the server are: I. Node.js version 18 or newer II. A 1Password Service Account token to authenticate with your vaults.

Install and run the MCP server using the runtime configuration shown for JSON and TOML setups. Use the exact commands and environment variables as described below.

{
  "mcpServers": {
    "1password": {
      "command": "npx",
      "args": ["-y", "@takescake/1password-mcp"],
      "env": {
        "OP_SERVICE_ACCOUNT_TOKEN": "YOUR_SERVICE_ACCOUNT_TOKEN"
      }
    }
  }
}
[mcp_servers."1password"]
command = "npx"
args = ["-y", "@takescake/1password-mcp"]
env = {"OP_SERVICE_ACCOUNT_TOKEN": "YOUR_SERVICE_ACCOUNT_TOKEN"}

The following are recommended options for storing the token in different clients. In some cases you may prefer not to store the token directly in the client config.

### Claude Desktop / VS Code / IDEs (JSON)

```json
{
  "mcpServers": {
    "1password": {
      "command": "npx",
      "args": ["-y", "@takescake/1password-mcp"],
      "env": {
        "OP_SERVICE_ACCOUNT_TOKEN": "YOUR_SERVICE_ACCOUNT_TOKEN"
      }
    }
  }
}
### OpenAI Codex (TOML) Option A stores the token in config

```toml
[mcp_servers."1password"]
command = "npx"
args = ["-y", "@takescake/1password-mcp"]

[mcp_servers."1password".env]
OP_SERVICE_ACCOUNT_TOKEN = "YOUR_SERVICE_ACCOUNT_TOKEN"
### OpenAI Codex (TOML) Option B uses env var reference

```toml
[mcp_servers."1password"]
command = "npx"
args = ["-y", "@takescake/1password-mcp"]
env_vars = ["OP_SERVICE_ACCOUNT_TOKEN"]

Then set OP_SERVICE_ACCOUNT_TOKEN in your shell/session/CI environment.


CLI options you may use when starting or configuring the MCP server include: --service-account-token, --log-level, --integration-name, and --integration-version. Provide the token via the environment variable OP\_SERVICE\_ACCOUNT\_TOKEN or through the config shown above.

## Additional sections

Security and privacy considerations are important when using the MCP server. Secrets retrieved or created may be transmitted to your large language model provider and stored according to your provider’s policies. There is no end-to-end encryption inside the MCP workflow; secrets are plaintext during transit and only encrypted when stored in 1Password. Use dedicated automation vaults for automation credentials and rotate service tokens if exposed. Keep MCP config files out of version control and prefer secret references using op:// URLs rather than copying raw passwords into prompts.

Development workflow guidelines indicate how to set up and run the project locally. You can clone the repository, install dependencies, build, test, lint, and run in watch mode for development. Use the following sequence to work with the project locally.

git clone https://github.com/CakeRepository/1Password-MCP.git cd 1Password-MCP npm install

Build

npm run build

Run tests

npm test

Type-check

npm run lint

Watch mode (dev)

npm run dev


## Available tools

### vault\_list

List all accessible vaults for the connected service account.

### item\_lookup

Search items by title within a vault to find specific credentials or notes.

### item\_delete

Delete an item from a vault securely.

### password\_create

Create a new password/login item in a selected vault.

### password\_read

Retrieve a password via a secret reference like op://vault/item/field or by item ID.

### password\_update

Rotate or update an existing password to a new value.

### password\_generate

Generate a cryptographically secure random password.

### password\_generate\_memorable

Generate a memorable passphrase from a large dictionary of words.
Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational