Connect concepts
Learn about the concepts involved with 1Password Connect.
Connect servers
A Connect server is a tool you can deploy in your network that allows you to manage and sync 1Password items from within your infrastructure.
Credentials
There are two important pieces of information for authenticating Connect servers:
- The
1password-credentials.json
file - The Connect server access token
1password-credentials.json
When you create a Connect server, a credentials file named 1password-credentials.json
is generated uniquely for that Connect server. It contains all the information you need to deploy the Connect server.
Connect server access token
A Connect server access token is an authentication string that allows the Connect server to authenticate with 1Password services, such as the Connect REST API.
When you create a Connect server, you select the vaults that it can access. Connect servers can only access the vaults you explicitly allow them to access through a Connect server token.
Each Connect server can have one or more access tokens, which allows for more fine-tuned access control. Connect server access tokens can only access information in the vaults you grant them access to. This allows you more granular control over the vaults a Connect server deployment can access. For example, you can grant a Connect token access to a specific subset of the vaults the Connect server has access to.
Learn more about how to manage access tokens.
Learn more about 1Password Connect server security.
Connect containers
Each Connect server deployment consists of two Docker containers running in the same network:
Both containers require a shared volume to store an encrypted copy of your data. Learn more about configuring your Connect server.
Connect sync container
The Connect sync container keeps information on the Connect server in sync with 1Password.com. View it on Docker Hub: 1password/connect-sync
.
Connect API container
The Connect API container serves Connect REST API. View it on Docker Hub: 1password/connect-api
.
Environment variables
Connect servers have a collection of environment variables you can use to provide information about the Connect server to integrations, such as 1Password CLI or CI/CD pipeline tools. These environment variables are distinct from the configuration environment variables.
Environment variable | Description | Example |
---|---|---|
OP_CONNECT_HOST | Specifies the hostname, IP address, or URL where your Connect server is deployed. | http://localhost:8080 |
OP_CONNECT_TOKEN | Specifies the string value of your Connect server token. | N/A |