1Password

1Password

The 1password backend uses the 1Password Secrets Automation SDK with a service account token. It is read-only.

Global config

backends:
  1password:
    token: ops_...    # service account token

Store the token in a secure location — do not commit it. You can also pass it via the OP_SERVICE_ACCOUNT_TOKEN environment variable.

`.envoke` usage

namespaces:
- name: stripe-test
  backend: 1password

The namespace name must match the vault name (or item title, depending on your configuration) in 1Password.

Service account setup

In 1Password, go to Integrations → Service Accounts.
Create a service account with read access to the relevant vaults.
Copy the token into your global config or environment.

AWS Secrets Manager Shell