1Password MCP Server
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| OP_KEYCHAIN_ACCOUNT | No | The Keychain account name (optional, macOS only) | |
| OP_KEYCHAIN_SERVICE | No | The Keychain service name to retrieve the token from (macOS only) | |
| OP_SERVICE_ACCOUNT_TOKEN | No | Your 1Password Service Account token |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {
"listChanged": true
} |
| prompts | {
"listChanged": true
} |
| resources | {
"listChanged": true
} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| vault_listA | List all 1Password vaults accessible to the service account. Returns vault IDs, names, descriptions, and types. |
| item_lookupA | Search for items within a 1Password vault by title substring. Returns item IDs, titles, categories, and vault IDs. |
| item_deleteA | Permanently delete an item from a 1Password vault. This action cannot be undone. |
| password_createA | Create a new password/login item in a 1Password vault with optional username, URL, tags, and notes. |
| password_readA | Retrieve a secret from 1Password using either a secret reference (op://vault/item/field) or vault ID + item ID. Supports field selection and optional value reveal. |
| password_updateA | Update (rotate) a password or concealed field on an existing 1Password item. If the target field does not exist, it will be created. |
| password_generateA | Generate a cryptographically secure random password with configurable length and character types. Uses rejection sampling for unbiased randomness. |
| password_generate_memorableA | Generate a memorable passphrase from random dictionary words with optional number and symbol suffixes. Uses a ~500-word curated list for good entropy. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
| generate-secure-password | Guide through generating a secure password with specific requirements |
| credential-rotation | Step-by-step workflow for rotating a credential stored in 1Password |
| vault-audit | Audit the contents of a 1Password vault — list all items with categories and metadata |
| secret-reference-helper | Help construct an op://vault/item/field secret reference from vault and item names |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
| server-config | Current 1Password MCP server configuration (non-secret values only). |
| vault-list | List of all 1Password vaults accessible to the service account. |
| vault-items | List of items within a specific 1Password vault (metadata only, no secrets). |
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/CakeRepository/1Password-MCP'
If you have feedback or need assistance with the MCP directory API, please join our Discord server