- Home
- Skills
- Julianobarbosa
- Claude Code Skills
- 1password Skill
1password-skill_skill
- Python
16
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill julianobarbosa/claude-code-skills --skill 1password-skill- SKILL.md28.0 KB
Overview
This skill guides implementation of 1Password for secrets management across local development, CI/CD, and Kubernetes. It covers op CLI usage, service accounts for automation, Developer Environments for project variables, Python SDK patterns, and Kubernetes integrations. The content focuses on concrete commands, workflows, and integration patterns you can apply immediately.
How this skill works
It explains how to authenticate with the op CLI, read and inject secrets (op read, op run, op inject), manage items and vaults, and create service accounts that use OP_SERVICE_ACCOUNT_TOKEN for non-interactive automation. It also documents Developer Environments tooling (TypeScript/Bun and Python SDK) for storing environment variables and patterns to export templates, inject into processes, and resolve secrets at runtime with a SecretsManager. Kubernetes integration options include the 1Password Operator and External Secrets Operator.
When to use it
- Retrieving secrets for local development or CI pipelines using op read, op run, or op inject
- Automating CI/CD deployments with service accounts and OP_SERVICE_ACCOUNT_TOKEN
- Managing project environment variables centrally using Developer Environments
- Syncing secrets into Kubernetes using External Secrets Operator or native 1Password Operator
- Resolving secrets at runtime inside Python apps with the Python SDK SecretsManager
Best practices
- Use service accounts for automation and store the token in your platform's secret store (never in repo)
- Prefer Developer Environments for project-wide environment variables and export op:// reference templates for injection
- Use op run --env-file for ephemeral injection instead of persisting secrets to disk when possible
- Choose the Python SDK for Python apps to avoid subprocess overhead and enable async batch resolution
- Limit service account scope to required vault permissions and track created accounts
Example use cases
- Local dev: export an op:// .env.tpl and run op run --env-file .env.tpl -- python app.py to inject secrets
- CI/CD: create a service account, set OP_SERVICE_ACCOUNT_TOKEN in the runner, and use load-secrets-action to populate env vars
- Kubernetes: sync vault items to cluster secrets using External Secrets Operator or install the 1Password Kubernetes Operator
- Runtime secret resolution: use SecretsManager.get_many() in a FastAPI app to fetch and cache multiple secrets efficiently
- Environment management: create, update, export, and delete Developer Environments with the provided CLI tools to standardize configs
FAQ
Use the Python SDK for native async calls inside Python applications, batch resolution with resolve_all(), and to avoid spawning subprocesses. Use the op CLI for shell scripts, ad-hoc tasks, or TypeScript/Bun tools.
How do I avoid exposing secrets in CI logs?
Use op run or the 1Password load-secrets action to inject secrets as environment variables and mark secrets as masked in CI. Never print secret values to logs and avoid checking generated .env files into version control.