1Password CLI
Install
bash
brew install 1password-cli op --version
Setup
- •Open and unlock the 1Password desktop app
- •Settings > Developer > "Integrate with 1Password CLI"
- •Verify:
op vault list(will prompt for auth in the app)
Workflow
- •Check
op --versionis installed - •Confirm desktop app integration is enabled and the app is unlocked
- •Sign in:
op signin(orop signin --account <shorthand>for multi-account) - •Verify:
op whoami
Common Commands
bash
# Auth
op signin
op signin --account <shorthand|signin-address|account-id>
op whoami
op account list
# Read secrets
op read op://vault/item/field
op read "op://vault/item/one-time password?attribute=otp"
op read --out-file ./key.pem op://vault/server/ssh/key.pem
# Run with injected secrets
export DB_PASSWORD="op://app-prod/db/password"
op run -- printenv DB_PASSWORD
op run --env-file="./.env" -- your-command
# Inject into templates
echo "db_password: {{ op://vault/db/password }}" | op inject
op inject -i config.yml.tpl -o config.yml
Multi-Account
Use --account flag or OP_ACCOUNT env var to target a specific account.
Guardrails
- •Never paste secrets into logs, chat, or code
- •Prefer
op run/op injectover writing secrets to disk - •If "account is not signed in", re-run
op signinand authorize in the app