run
Pass secrets as environment variables to an application or script.
Flags
op run
scans environment variables for secret references, loads the
corresponding secrets from 1Password, then runs the provided command in
a subprocess with the secrets made available as environment variables for
the duration of the subprocess.
To limit which 1Password items processes in your authorized terminal session
can access, move the items you want to use with op run
to a separate vault
and use the command with a service account that only has access to that vault.
Learn more about service accounts.
Learn more about secret references.
If the same environment variable name exists in both the shell and the environment file, the environment file takes precedence.
Secrets printed to stdout or stderr are concealed by default. Include the
--no-masking
flag to turn off masking.
Examples
Print secret value:
Specify an environment file and use it:
Use variables in secret references to switch between different sets of secrets for different environments: