Connect concepts
Learn about the concepts involved with 1Password Connect.
Connect servers
A Connect server is a tool you can deploy in your network that allows you to manage and sync 1Password items from within your infrastructure.
Credentials
There are two important pieces of information for authenticating Connect servers:
- The
1password-credentials.jsonfile - The Connect server token
1password-credentials.json
When you create a Connect server, a credentials file named 1password-credentials.json is generated uniquely for that Connect server instance. It contains all the information you need to deploy the Connect server instance.
Connect server token
A Connect server token is an authentication string that allows the Connect server to authenticate with 1Password services, such as the Connect REST API.
When you create a Connect server, you select the vaults that it can access. Connect servers can only access the vaults you explicitly allow them to access through a Connect server token.
Each Connect server can have one or more Connect server tokens, which allows for more fine-tuned access control. Connect server tokens can only access information in the vaults you granted them access to. This allows you more granular control over the vaults a Connect server deployment can access. For example, you can grant a Connect server token access to a specific subset of the vaults the Connect server has access to.
Learn more about 1Password Connect server security.
Connect containers
Each deployed instance of a Connect server consists of two Docker containers running in the same network:
Both containers require a shared volume to store an encrypted copy of your data. Learn more about configuring your Connect server.
Connect sync container
The Connect sync container keeps information on the Connect server in sync with 1Password.com. View it on Docker Hub: 1password/connect-sync.
Connect API container
The Connect API container serves Connect REST API. View it on Docker Hub: 1password/connect-api.
Environment variables
Connect servers have a collection of environment variables you can use to provide information about the Connect server to integrations, such as 1Password CLI or CI/CD pipeline tools. These environment variables are distinct from the configuration environment variables.
| Environment variable | Description | Example |
|---|---|---|
OP_CONNECT_HOST | Specifies the hostname, IP address, or URL where your Connect server is deployed. | http://localhost:8080 |
OP_CONNECT_TOKEN | Specifies the string value of your Connect server token. | N/A |