run

Pass secrets as environment variables to an application or script.

Flags

op run scans environment variables for secret references, loads the corresponding secrets from 1Password, then runs the provided command in a subprocess with the secrets made available as environment variables for the duration of the subprocess.

To limit which 1Password items processes in your authorized terminal session can access, move the items you want to use with op run to a separate vault and use the command with a service account that only has access to that vault.

Learn more about service accounts.

Learn more about secret references.

If the same environment variable name exists in both the shell and the environment file, the environment file takes precedence.

Secrets printed to stdout or stderr are concealed by default. Include the --no-masking flag to turn off masking.

Examples

Print secret value:

Specify an environment file and use it:

Use variables in secret references to switch between different sets of secrets for different environments: