Skip to main content

1Password CLI best practices

1Password CLI brings 1Password to your terminal. The following are best practices we recommend when using 1Password CLI.

Use the latest version of 1Password CLI

Practice good software update hygiene and regularly update to the latest version of the 1Password CLI.

You can check for available updates with op update.

Apply the principle of least privilege to your infrastructure secrets

You can follow the principle of least privilege with 1Password Service Accounts, which support restricting 1Password CLI access to only the items required for a given purpose.

Use dedicated vaults with service accounts that are properly scoped for secrets management use cases. Do not grant access to more vaults than needed.

Learn more about managing group and vault permissions using the principle of least privilege.

Use template files when creating items that contain sensitive values

When creating items with op item create we recommend using a JSON template to enter any sensitive values.

Use the latest version of 1Password CLI
Apply the principle of least privilege to your infrastructure secrets
Use template files when creating items that contain sensitive values