1Password-MCP

mcp
Security Audit
Warn
Health Pass
  • License — License: Apache-2.0
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Community trust — 12 GitHub stars
Code Warn
  • fs module — File system access in .github/workflows/publish.yml
  • fs module — File system access in package.json
  • process.env — Environment variable access in src/config.ts
Permissions Pass
  • Permissions — No dangerous permissions requested
Purpose
This is a community-built Model Context Protocol (MCP) server that integrates AI clients (like Claude Desktop or VS Code Copilot) with 1Password vaults. It allows AI assistants to list vaults, generate, read, update, and delete passwords using a 1Password Service Account.

Security Assessment
Overall Risk: Medium. By design, this tool handles highly sensitive data—specifically your 1Password passwords and secrets. It requires an `OP_SERVICE_ACCOUNT_TOKEN` via environment variables to function, which grants it broad access to your vaults. The automated rule-based scan flagged environment variable access and file system operations, which are expected for this type of tool (reading configs and executing the 1Password CLI). There are no hardcoded secrets and no dangerous broad permissions requested. However, because it can execute destructive commands like `item_delete` and `password_update`, trusting an AI agent with this tool carries inherent risk. Always ensure the service account has the absolute minimum permissions necessary, preferably restricted to a separate, dedicated vault.

Quality Assessment
The project appears healthy and actively maintained, with recent repository pushes and an Apache-2.0 license. It has basic community trust established with 12 GitHub stars. It is important to note that this is not an official 1Password product. Users should expect a lower level of support and auditing compared to official software.

Verdict
Use with caution. It handles your most sensitive credentials, so strictly limit its service account permissions and carefully monitor what you ask your AI assistant to do with it.
SUMMARY

1Password MCP server used for storing passwords. Create a separate vault, please.

README.md

1Password MCP Server


A community-built Model Context Protocol (MCP) server that connects MCP-compatible AI clients (Claude Desktop, VS Code Copilot, OpenAI Codex, Gemini, etc.) to 1Password vaults via a Service Account.

Not an official 1Password product. This is a community project.


Features

Tools (8)

| Tool | Description |
| --- | --- |
| vault_list | List all accessible vaults |
| item_lookup | Search items by title in a vault |
| item_delete | Delete an item from a vault |
| password_create | Create a new password/login item |
| password_read | Retrieve a password via secret reference (op://vault/item/field) or vault/item ID |
| password_update | Rotate/update an existing password |
| password_generate | Generate a cryptographically secure random password |
| password_generate_memorable | Generate a memorable passphrase from ~500 dictionary words |

Prompts (4)

| Prompt | Description |
| --- | --- |
| generate-secure-password | Guided workflow to generate and store a secure password |
| credential-rotation | Step-by-step credential rotation: read, generate, update, verify |
| vault-audit | Audit vault contents: list items, categorize, flag concerns |
| secret-reference-helper | Construct op://vault/item/field references interactively |

Resources (3)

| Resource URI | Description |
| --- | --- |
| 1password://config | Current server configuration (non-secret) |
| 1password://vaults | Browsable list of all accessible vaults |
| 1password://vaults/{vaultId}/items | Browsable list of items in a vault |

Quick Start

Prerequisites

Claude Desktop / VS Code / IDEs (JSON)

{
  "mcpServers": {
    "1password": {
      "command": "npx",
      "args": ["-y", "@takescake/1password-mcp"],
      "env": {
        "OP_SERVICE_ACCOUNT_TOKEN": "YOUR_SERVICE_ACCOUNT_TOKEN"
      }
    }
  }
}

macOS Keychain (JSON)

If you do not want to store the service account token directly in your MCP config, macOS users can store it in Keychain and configure the server to read it at startup instead:

{
  "mcpServers": {
    "1password": {
      "command": "npx",
      "args": ["-y", "@takescake/1password-mcp"],
      "env": {
        "OP_KEYCHAIN_SERVICE": "op-service-account-claude-automation",
        "OP_KEYCHAIN_ACCOUNT": "your-macos-username"
      }
    }
  }
}

Precedence is: CLI arguments (--service-account-token / --token) > OP_SERVICE_ACCOUNT_TOKEN > macOS Keychain lookup. OP_KEYCHAIN_ACCOUNT is optional if your Keychain service name is already unique enough.
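
One way to check an existing client config against this precedence, as an added example that is not part of the project's code: it reports which source would supply the token for each entry that launches @takescake/1password-mcp and flags tokens stored in the file itself. The function names, finding strings and sample config are constructed for illustration, and accepting `--flag=value` is an assumption about the CLI parser.

```javascript
// Added example, not project code. Sample data below is constructed.
const PACKAGE = "@takescake/1password-mcp";
const TOKEN_FLAGS = ["--service-account-token", "--token"];

// Value passed with a token flag, or undefined. Accepting "--flag=value"
// as well as "--flag value" is an assumption about the CLI parser.
function tokenFromArgs(args) {
  for (let i = 0; i < args.length; i++) {
    for (const flag of TOKEN_FLAGS) {
      if (args[i] === flag) return args[i + 1] || "";
      if (args[i].startsWith(flag + "=")) return args[i].slice(flag.length + 1);
    }
  }
  return undefined;
}

// Apply the README precedence to one server entry and list what is risky.
function auditServer(name, server) {
  const args = server.args || [];
  const env = server.env || {};
  const argToken = tokenFromArgs(args);
  const findings = [];
  // Nothing in the file: the client's own environment must supply the token.
  let source = "inherited-or-missing";
  if (argToken !== undefined) source = "cli-argument";
  else if (env.OP_SERVICE_ACCOUNT_TOKEN) source = "env";
  else if (env.OP_KEYCHAIN_SERVICE) source = "keychain";
  if (argToken !== undefined) findings.push("token stored in args");
  if (env.OP_SERVICE_ACCOUNT_TOKEN) findings.push("token stored in env block");
  if (env.OP_KEYCHAIN_SERVICE && source !== "keychain")
    findings.push("Keychain settings shadowed by " + source);
  return { name, source, findings };
}

// Audit every entry in an mcpServers config that launches this package.
function auditConfig(jsonText) {
  const servers = JSON.parse(jsonText).mcpServers || {};
  return Object.entries(servers)
    .filter(([, s]) => (s.args || []).includes(PACKAGE))
    .map(([name, s]) => auditServer(name, s));
}

const SAMPLE_CONFIG = JSON.stringify({ mcpServers: {
  inline: { command: "npx", args: ["-y", PACKAGE],
    env: { OP_SERVICE_ACCOUNT_TOKEN: "CONSTRUCTED-NOT-A-REAL-TOKEN", OP_KEYCHAIN_SERVICE: "op-service-account-claude-automation" } },
  keychain: { command: "npx", args: ["-y", PACKAGE],
    env: { OP_KEYCHAIN_SERVICE: "op-service-account-claude-automation" } },
  unrelated: { command: "npx", args: ["-y", "some-other-server"] },
} });

for (const r of auditConfig(SAMPLE_CONFIG)) console.log(r.name, r.source, r.findings);
```

An entry reported as `inherited-or-missing` keeps the token out of the file, which is the outcome the Keychain setup above is meant to achieve by other means.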

OpenAI Codex (TOML)

Option A (stores the token in config):

[mcp_servers."1password"]
command = "npx"
args = ["-y", "@takescake/1password-mcp"]

[mcp_servers."1password".env]
OP_SERVICE_ACCOUNT_TOKEN = "YOUR_SERVICE_ACCOUNT_TOKEN"

Option B (recommended: does NOT store the token in Codex config):

[mcp_servers."1password"]
command = "npx"
args = ["-y", "@takescake/1password-mcp"]
env_vars = ["OP_SERVICE_ACCOUNT_TOKEN"]

Then set OP_SERVICE_ACCOUNT_TOKEN in your shell/session/CI environment.

Note: codex mcp add ... --env OP_SERVICE_ACCOUNT_TOKEN=... writes the token into Codex config. Use env_vars if you want the config to reference only the variable name.

On macOS, you can also omit OP_SERVICE_ACCOUNT_TOKEN and set OP_KEYCHAIN_SERVICE (plus optional OP_KEYCHAIN_ACCOUNT) to read the token from Keychain at startup.

CLI Options

--service-account-token <token>   1Password service account token
--log-level <level>               Log level: error, warn, info, debug (default: info)
--integration-name <name>         Custom integration name for 1Password SDK
--integration-version <version>   Custom integration version

Security & Privacy

Read this before using.

  • LLM privacy risk -- Secrets retrieved/created may be sent to your LLM provider and could be retained depending on your provider/account settings.
  • No E2E encryption in MCP -- Secrets are plaintext inside the MCP workflow and in transit to the model. They are encrypted only once stored in 1Password.
  • Intended use -- Best for automated/disposable credentials (dev DB creds, bot/service accounts, CI tokens).
  • Avoid high-stakes secrets -- Do not use for banking, primary personal accounts, or other sensitive credentials. Use dedicated automation vaults.
  • Token security -- Treat the Service Account Token like a master key. Rotate immediately if exposed.
  • Config files -- Keep MCP config files out of version control (add to .gitignore).
  • Secret references -- Prefer op://... references over copying raw passwords into prompts or files.
  • Least privilege -- Use dedicated vaults and limited-scope service accounts for automation workflows.

Development

# Clone and install
git clone https://github.com/CakeRepository/1Password-MCP.git
cd 1Password-MCP
npm install

# Build
npm run build

# Run tests
npm test

# Type-check
npm run lint

# Watch mode (dev)
npm run dev

Project Structure

src/
  index.ts              # Server entrypoint
  types.ts              # Shared type definitions
  logger.ts             # Structured logging (stderr)
  config.ts             # CLI args, env vars, constants
  client.ts             # 1Password SDK client singleton
  utils.ts              # Result helpers, password generation
  tools/                # MCP tool handlers
    index.ts
    vault-list.ts
    item-lookup.ts
    item-delete.ts
    password-create.ts
    password-read.ts
    password-update.ts
    password-generate.ts
    password-generate-memorable.ts
  prompts/              # MCP prompt definitions
    index.ts
  resources/            # MCP resource definitions
    index.ts

See CONTRIBUTING.md for contribution guidelines.


License

Apache License 2.0
