Skip to main content

Manage items using 1Password SDKs

You can use 1Password SDKs to read, write, and update secret values stored in your 1Password items. Before you begin, follow the steps to get started with a 1Password SDK.

When managing items, you must use unique identifiers (IDs) in place of vault, item, section, and field names. You can get IDs by listing vaults and items.

You can perform item management operations on supported field types. Some field types have special constraints.

TIP

See the examples folder in the 1Password Go, JavaScript, or Python SDK GitHub repository for example code you can quickly clone and test in your project.

Create an item

To create a new item, specify the parameters for the item and pass the defined item to the Items().Create() method.

The following example creates a Login item with a username, password, one-time password, and a website where 1Password will autofill the credentials.

The value of the one-time password field can be either a one-time password secret or an otpauth:// URI. In this example, the one-time password field is organized beneath a custom section.

Item parameters

Item parameters include:

ParameterDefinition
TitleThe name of the item.
CategoryThe type of item you want to create.
Supported categories Login, SecureNote, CreditCard, CryptoWallet, Identity, Password, Document, ApiCredentials, BankAccount, Database, DriverLicense, Email, MedicalRecord, Membership, OutdoorLicense, Passport, Rewards, Router, Server, SshKey, SocialSecurityNumber, SoftwareLicense, Person
Vault IDThe ID of the vault where you want to create the item.
FieldsThe item fields.
SectionsThe item sections.
NotesThe item notes.
TagsA list of tags to add to the item.
WebsitesAn optional list of websites where 1Password will suggest and fill the login. Only available for Login and Password items.

A section organizes fields in an item under a section title. Section parameters include:

ParameterDescription
Section IDA unique identifier for the section.
Section TitleThe name of the section.

Field parameters include:

ParameterDescription
IDA unique identifier for the field. For fields that are specific to an item category, like username and password for a Login item, use the appropriate built-in field ids.
TitleThe name of the field.
Field typeThe type of field. Some field types have special constraints.
Supported fields Address, Concealed, CreditCardNumber, CreditCardType, Date, Email, Menu, MonthYear, Notes, Phone, Reference, Text, Totp, Url, SSHKey
ValueThe value stored in the field.
Field DetailsOptional for most field types. Required for Address fields.
Section IDOrganizes a field under a section. Required for all fields except built-in fields like username and password. If you create a custom field without a section, 1Password will create an empty section and assign the field to it.

Autofill website parameters include:

ParameterDescription
URLThe URL for the website.
LabelThe name of the website.
Autofill behaviorWhen 1Password will autofill your credentials on the website. Options include:
  • AnywhereOnWebsite: 1Password autofills credentials on any page that’s part of the website, including subdomains.
  • ExactMatch: 1Password autofills credentials only if the domain (hostname and port) is an exact match.
  • Never: 1Password never autofills credentials on this website.
tip

To manage items that include files, learn how to manage files using 1Password SDKs.

Get an item

To get an item, pass the item ID and vault ID for the item to the Items().Get() method.

To get the item created in the first step:

Get a one-time password

You can use 1Password SDKs to get the value stored in a field, like the six-digit one-time password code from a Totp field.

To retrieve and print a one-time password from the item created in the first step:

Update an item

To update an item, fetch the item you want to update, specify the changes you want to make, then pass the updated item to the Items().Put() method.

Archive an item

To archive an item, pass the item ID and vault ID for the item to the Items().Archive() method.

Delete an item

To delete an item, pass the item ID and vault ID for the item to the Items().Delete() method.

Generate a password

You can use the Secrets.GeneratePassword() method to generate a password by passing a PIN, Random, or Memorable password recipe struct, depending on the type of password you want to generate.

Generates a PIN code. You can specify the length of the generated code.

Manage items in bulk

Create items

You can use the Items().CreateAll() method to batch create up to 100 items within a single vault. Learn more about field type constraints.

The following example creates three example items in the vault specified with the vaultId variable. Make sure to set this variable to the unique identifier for the vault where you want to create the items.

Get items

You can use the Items().GetAll() method to fetch up to 50 items from a specified vault using their unique identifiers.

To get the items you created in the previous step:

Delete items

You can use the Items().DeleteAll() method to batch delete a list of items from a specified vault using their unique identifiers. Deleted items remain available in Recently Deleted for 30 days.

To delete the items you created in the previous step:

Appendix: Field type constraints

Some supported field types have special requirements and constraints.

Address

For an Address type item field, the address field's value is built using the address field's details, because address string formats can differ according to the country. You must define which piece of the address each particular string corresponds to so that 1Password can properly create the address string.

To change the value of an Address field, edit the item field details directly, not the field value.

Date

For a Date type item field, the date field's value must be a string formatted as YYYY-MM-DD. For example, 1998-03-15.

MonthYear

For a MonthYear type item field, the value must be a string formatted as MM/YYYY. For example, 10/2000.

Reference

For a Reference type item field, the reference field's value must be the unique identifier (ID) of another item that exists within the same vault. This ID should be a 26 character alphanumeric string. For example, vhn2qfnmizg6rw4iqottczq3fy.

SSH Key

For an SSHKey type item field, the SSH key field's value must be a valid SSH private key – a decrypted, PEM-encoded string. You can use private key strings generated from the source of your choice, or you can generate SSH keys in your SDK language using that language's native support. Currently, if you attempt to pass an encrypted private key, you'll see an error.

SSH key fields can only be added to items with the SSH Key category. You can add one SSH key field per item.

When you create an item with an SSH key field assigned to it, 1Password will generate a public key, fingerprint, and key type which are stored in the SSH key field details.

The following example shows how to generate a valid SSH private key in Go and adds it to a new SSH Key item in 1Password.

TOTP

For a Totp type item field, the TOTP field's value must either be a valid one-time password URL (for example, otpauth://totp/rsnjfceadiejs?secret=e4dw4xrdq34wd3qw3&issuer=vfsrfesfes), or a one-time password seed (for example, e4dw4xrdq34wd3qw3).

Troubleshooting

If you aren't able to create, edit, or delete items and see an error that you "don't have the right permissions to execute this argument," check your service account's permissions in the vault where the items are saved:

  1. Sign in to your account on 1Password.com.
  2. Select Developer in the sidebar.
  3. Choose the service account, then confirm that you see Read & Write next to the vault in the Vaults table.

If your service account only has read access, you'll need to create a new service account with read and write permissions.

1Password.com open to the details of a service account.1Password.com open to the details of a service account.

Learn more

Was this page helpful?