1password_skill

This skill fetches secrets and manages 1Password items via CLI, asking for secret references and keeping secrets out of shell history.
  • Shell

31

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill steveclarke/dotfiles --skill 1password

  • SKILL.md4.6 KB

Overview

This skill uses the 1Password CLI to fetch, create, and manage secrets without exposing them in plain text. It expects 1Password secret references (op://Vault/Item/field) instead of raw secrets and provides scripts and examples for consistent usage across machines. Use it to safely inject API keys, tokens, passwords, and other credentials into scripts and workflows.

How this skill works

The skill calls the op CLI to read or write item fields using the op read and op item create/edit commands. For reads it accepts the 1Password secret reference format (op://vault/item/field) and returns the secret directly to the calling command or environment variable. For writes it builds op item create or op item edit commands, explicitly specifying field types so non-sensitive values remain visible and secrets are concealed.

When to use it

  • Inject API keys or tokens into CI/CD scripts without storing them in plain text.
  • Log into third-party CLIs, Docker, or cloud tools using secrets kept in 1Password.
  • Create new API credentials, database credentials, or OAuth client entries programmatically.
  • Update or remove template fields and clean up default template cruft.
  • Share consistent secret management patterns across multiple computers.

Best practices

  • Always ask for the 1Password secret reference (op://Vault/Item/field) rather than the secret value.
  • Explicitly declare field types when creating or editing items (text, concealed, url).
  • Only mark true secrets as concealed; store usernames, hosts, ports, and URLs as text or url.
  • Include context and notes in items so others know purpose and usage details.
  • Remove or set default template fields (valid from, expires) to avoid stale data.

Example use cases

  • Run a CLI command with a secret token: some-cli --token "$(op read 'op://Personal/GitHub/token')"
  • Set an environment variable at runtime: export API_KEY="$(op read 'op://Vault/Service/API Key')"
  • Create an OAuth credential via script with explicit field types and notes.
  • Add a database record with server, port, username[text], and password[concealed].
  • Edit an existing item to add a URL[text] and conceal only the password field.

FAQ

Provide the 1Password secret reference in op://vault-name/item-name/field-name format copied from 1Password.

What field type should I use for usernames and URLs?

Use [text] for usernames and other non-sensitive identifiers, and [url] for clickable links; reserve [concealed] for secrets.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
1password skill by steveclarke/dotfiles | VeilStrat