1Password SDKs
1Password SDKs allow you to build integrations that programmatically interact with 1Password using Go, JavaScript, or Python. With 1Password SDKs, you can:
- Secure your applications: Load secrets into your code with secret references or read environment variables from 1Password Environments.
- Automate item management: Programmatically manage items in your 1Password account.
- Securely share items: Share items with anyone, whether or not they have a 1Password account.
- Manage vaults and access: Manage your team's vaults and the permissions groups have in them.
- Support biometric authorization: Build local integrations that users authorize with prompts from the 1Password desktop app for human-in-the-loop approval and minimal setup for end users.
- Support automated access: Build integrations that authenticate with service account tokens for least-privilege access and automated environments.
See a full list of supported functionality.
Supported languages
Example integrations
See examples of how our partners have used SDKs to build integrations with 1Password:
Securely load API keys and other secrets stored in 1Password into Postman without exposing any secrets in plaintext.
Learn more
Dynamically import secrets from 1Password into your environment. The provider will return a map of names to Secrets.
Learn moreAbout the current version
1Password SDKs are currently in version 0, which means they can meet the stability and scalability requirements of production use cases. During version 0, expect more frequent releases as we add additional features and languages.
- There is a possibility of breaking changes when you upgrade from one version 0 release to another, for example 0.1.X to 0.2.0. Minor releases (0.1.X to 0.1.Y) will not include breaking changes.
- Integration authors may need to update their code when updating the SDK version. Existing code and integrations won’t be affected, as these will have the SDK pinned at a specific version via package.json (JS), requirements.txt (Python), or go.mod (Go).
- We will provide three months of support and security patches for version 0, so you can upgrade when it makes sense for your workflows and teams.
You can find information about the latest releases in the 1Password SDK release notes.
Get started
Before you get started, you'll need to sign up for a 1Password account.
Step 1: Decide how you want to authenticate
You can choose between two authentication methods for 1Password SDKs: local authorization prompts from the 1Password desktop app or automated authentication with a 1Password Service Account.
- 1Password desktop app: Best for integrations that run locally on a user's machine. Use desktop app authentication if you want minimal setup for end users, human-in-the-loop approval for sensitive workflows, user-specific auditing, if you need access to your full account, or if you need to perform vault management operations.
- Service account: Best for automated access. Use a service account if you want a token-based authentication method that isn't associated with an individual account to automate access, limit your integration to least privilege access, or for shared building. Service accounts can't access your built-in Personal, Private, or Employee vault.
- 1Password desktop app
- Service account
- Install 1Password for Mac, Windows, or Linux.
- Sign in to the account you want to use with your integration.
- Select your account or collection at the top of the sidebar, then navigate to Settings > Developer.
- Under Integrate with the 1Password SDKs, select Integrate with other apps.
- If you want to authenticate with biometrics, navigate to Settings > Security, then turn on the option to unlock using Touch ID, Windows Hello, or system authentication.
Create a service account
Create a 1Password Service Account and give it access to the vaults and Environments you want your integration to be able to access.
To allow your integration to update items, make sure to give the service account both read and write permissions in the appropriate vaults. To allow your integration to share items, also add the share permission.
Provision your service account token
We recommend provisioning your token from the environment. Use the following example to provision your token to an environment variable named OP_SERVICE_ACCOUNT_TOKEN. You can also provision your token in other ways, like by reading it from a file.
- bash, sh, zsh
- fish
- Powershell
Step 2: Install the SDK
Install the SDK in your project.
- Go
- JavaScript
- Python
Step 3: Import the SDK
Import the SDK into your project.
- Go
- JavaScript
- Python
CommonJS
ES Modules
Step 4: Initialize the SDK
When you initialize the SDK, you create a client instance that contains your configuration parameters. For desktop app integrations, you'll need to provide your 1Password account name. For service account authentication, you'll need to provide your service account token.
- 1Password desktop app
- Service account
Replace your-account-name in the code below with your 1Password account name as it appears at the top of the left sidebar in the 1Password app.
You can use the account ID that 1Password CLI returns with op account list --format json. Use the value in the account_uuid field.
Make sure to specify a name and version for your application in place of My 1Password Integration and v1.0.0.
- Go
- JavaScript
- Python
This example prints an error message and exits if initialization fails. Because it writes the error to standard error, it uses Go’s os package, which you’ll need to import in your project. See the complete example in Step 5 for more context.
The 1Password JavaScript SDK is asynchronous and returns Promises. To make sure your code waits for 1Password to respond before moving to the next line, we recommend using the await keyword inside an async function. See the complete example in Step 5 for the full structure.
The Python SDK is asynchronous. To wait for a response from 1Password, use the await keyword inside an async function in your code. See the complete example in Step 5 for the full structure.
In the following example, the SDK gets the service account token string from the OP_SERVICE_ACCOUNT_TOKEN environment variable.
Make sure to specify a name and version for your application in place of My 1Password Integration and v1.0.0.
- Go
- JavaScript
- Python
Step 5: Start building
You can test your setup by building a simple integration that lists all the titles of all the vaults you or the service account has access to.
- 1Password desktop app
- Service account
- Go
- JavaScript
- Python
main.go
See result...
example.js
See result...
example.py
See result...
In the following example, the service account is scoped to a vault titled Development.
- Go
- JavaScript
- Python
main.go
See result...
index.js
See result...
example.py
See result...
Visit the Go, JavaScript, or Python SDK GitHub repositories for more examples.
Get help
To get help with 1Password SDKs, join our Developer Slack workspace and ask a question in the #sdk channel.
To request a new feature or report a bug, file an issue in the appropriate GitHub repo: