Our take
Lets an AI agent retrieve and manage secrets from 1Password using the op CLI.
Strengths
- Uses service account authentication for secure access
- Can list items, read them, and generate OTP codes
- Provides structured JSON output for programmatic use
Limitations
- Requires the op CLI to be installed and configured with a service account
- Every command must specify the vault explicitly
- Cannot create or modify secrets, only read them
When you need to retrieve passwords, API keys or OTP codes stored in 1Password during a development or troubleshooting session.
When you need to write or update secrets, or when no 1Password service account is available.
Security analysis
Caution: The skill legitimately manages secrets via the 1Password CLI, but its use of Bash and ability to output plain-text secrets warrants caution to prevent unintended exposure.
- Uses Bash to execute 1Password CLI commands that can expose sensitive secrets in standard output or logs.
- Does not explicitly implement safeguards to prevent leakage of secrets beyond the requested action.
Examples
- What vaults are available in my 1Password account?
- Retrieve the password for my AWS account from the 'Personal' vault.
- What is the current two-factor authentication code for my GitHub account?

name: op
description: Manage 1Password secrets. Use when user wants to list, get, or read passwords, OTP codes, API keys, or other secrets from 1Password.
user-invocable: true
argument-hint: "[action or natural language request]"
allowed-tools: Bash
1Password CLI (op)
Manage secrets in 1Password using the op command. Authenticated via service account.
User Request
$ARGUMENTS
Commands Reference
Important: Service accounts require --vault on every command. Before running any item commands, discover the available vault name first:
op vault list --format=json
Then use the vault name from the response in all subsequent commands.
List Items
# List all items in vault
op item list --vault "VAULT_NAME" --format=json
# Long format (with categories, dates)
op item list --vault "VAULT_NAME" --long --format=json
# Filter by category
op item list --vault "VAULT_NAME" --categories Login --format=json
op item list --vault "VAULT_NAME" --categories "API Credential" --format=json
# Filter by tags
op item list --vault "VAULT_NAME" --tags production --format=json
# Filter favorites only
op item list --vault "VAULT_NAME" --favorite --format=json
Get Item Details
# Full item details
op item get "Item Title" --vault "VAULT_NAME" --format=json
# Get OTP (one-time password / 2FA code)
op item get "Item Title" --vault "VAULT_NAME" --otp
# Get specific fields
op item get "Item Title" --vault "VAULT_NAME" --fields label=username --format=json
op item get "Item Title" --vault "VAULT_NAME" --fields label=password --format=json
op item get "Item Title" --vault "VAULT_NAME" --fields label=username,label=password --format=json
# Get fields by type
op item get "Item Title" --vault "VAULT_NAME" --fields type=CONCEALED --format=json
Read Individual Secret
# Read a specific field value directly
op read "op://VAULT_NAME/Item Title/username"
op read "op://VAULT_NAME/Item Title/password"
op read "op://VAULT_NAME/Item Title/Section Name/field"
List Vaults
op vault list --format=json
JSON Response Structures
op vault list --format=json:
[
  {"id": "abc123...", "name": "My Vault", "content_version": 42}
]
op item list --format=json:
[
  {
    "id": "abc123...",
    "title": "Example Service",
    "version": 1,
    "vault": {"id": "xyz...", "name": "My Vault"},
    "category": "LOGIN",
    "last_edited_by": "...",
    "created_at": "2025-01-01T00:00:00Z",
    "updated_at": "2025-01-02T00:00:00Z",
    "additional_information": "user@example.com",
    "urls": [{"primary": true, "href": "https://example.com"}]
  }
]
op item get --format=json:
{
  "id": "abc123...",
  "title": "Example Service",
  "category": "LOGIN",
  "vault": {"id": "xyz...", "name": "My Vault"},
  "fields": [
    {
      "id": "username",
      "type": "STRING",
      "purpose": "USERNAME",
      "label": "email",
      "value": "user@example.com",
      "reference": "op://My Vault/Example Service/email"
    },
    {
      "id": "password",
      "type": "CONCEALED",
      "purpose": "PASSWORD",
      "label": "password",
      "value": "secret_value",
      "reference": "op://My Vault/Example Service/password"
    },
    {
      "id": "TOTP_xxx",
      "type": "OTP",
      "label": "one-time password",
      "value": "otpauth://totp/...",
      "totp": "123456"
    }
  ],
  "urls": [{"primary": true, "href": "https://example.com"}]
}
op item get --otp:
Returns just the 6-digit TOTP code as plain text (e.g., 182448).
op item get --fields --format=json:
[
  {"id": "username", "type": "STRING", "label": "email", "value": "user@example.com"},
  {"id": "password", "type": "CONCEALED", "label": "password", "value": "secret_value"}
]
Important Notes
- Service account requires --vault — always discover vault name via op vault list first, then use it in all commands
- --otp returns plain text — do not combine with --format=json
- OTP field in JSON — when getting full item, the current TOTP code is in the totp key of OTP-type fields
- Categories: Login, Password, API Credential, Secure Note, Database, SSH Key, Credit Card, Identity, Document, Server, Software License
Instructions
- Parse the user's natural language request to determine what they need
- First, run op vault list --format=json to discover the available vault name(s)
- Determine the appropriate op command, using the discovered vault name
- Always use --format=json except for --otp (which returns plain text)
- Execute the command via Bash
- Parse the JSON response and present results clearly to the user
- For OTP requests, just return the code prominently
- For credential requests, format as a clear key-value list
- Never log or echo secrets unnecessarily — only show what was requested
If the request is ambiguous, ask for clarification.
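
Added example, not part of the skill's own files: a Python filter that applies the "only show what was requested" rule to `op item get --format=json` output before anything is displayed or logged. The function names and the sample item are assumptions constructed from the response structure shown above; because an OTP field's `value` holds the otpauth:// URI rather than the current code, only its `totp` key is ever returned.

```python
import json

# Field types whose values are secret, as in the sample response on this page.
SENSITIVE_TYPES = {"CONCEALED", "OTP"}

# Constructed sample in the shape of `op item get --format=json`; not real data.
SAMPLE_ITEM = json.dumps({
    "id": "abc123", "title": "Example Service", "category": "LOGIN",
    "fields": [
        {"id": "username", "type": "STRING", "label": "email",
         "value": "user@example.com"},
        {"id": "password", "type": "CONCEALED", "label": "password",
         "value": "secret_value",
         "reference": "op://My Vault/Example Service/password"},
        {"id": "TOTP_xxx", "type": "OTP", "label": "one-time password",
         "value": "otpauth://totp/Example?secret=CONSTRUCTEDSEED",
         "totp": "123456"},
    ],
})

def select_fields(item_json, requested_labels):
    """Return {label: value} for the requested labels only (hypothetical helper)."""
    wanted = {label.lower() for label in requested_labels}
    result = {}
    for field in json.loads(item_json).get("fields", []):
        label = field.get("label", "")
        if label.lower() not in wanted:
            continue  # unrequested fields never leave this function
        if field.get("type") == "OTP":
            result[label] = field.get("totp")  # current code, never the URI
        else:
            result[label] = field.get("value")
    return result

def redact_for_log(item_json):
    """Return a copy of the item that is safe to log (hypothetical helper)."""
    item = json.loads(item_json)
    for field in item.get("fields", []):
        if field.get("type") in SENSITIVE_TYPES:
            for key in ("value", "totp"):
                if key in field:
                    field[key] = "[REDACTED]"
    return item

if __name__ == "__main__":
    print(select_fields(SAMPLE_ITEM, ["email"]))
    print(json.dumps(redact_for_log(SAMPLE_ITEM), indent=2))
```
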