1Password Agent MCP
Provides tools for managing and accessing 1Password items, allowing AI agents to search, approve, and retrieve passwords securely without exposing plaintext to the model.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@1Password Agent MCPGet the login for my AWS console."
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
1Password Agent MCP
Local MCP access to approved 1Password items for AI agents.
The agent can ask for an approved login, receive an encrypted opaque handle, and paste the password into the active app or browser. The model does not receive the plaintext password. The real secret is resolved locally through the 1Password CLI only at copy or paste time.
The repo does not contain any user's 1Password data. Each install connects to that user's own local 1Password CLI and local approval policy.
Not affiliated with or endorsed by 1Password.

Quick Start
Install 1Password Agent MCP from this public GitHub repo:
npm install -g https://github.com/gambadio/onepassword-agent-mcp/archive/refs/tags/v0.1.0.tar.gzCheck your local setup:
onepassword-agent-mcp doctorConfigure the MCP clients you already have installed:
onepassword-agent-mcp setup all --applyStart the local approval console:
onepassword-agent-mcp adminOpen:
http://127.0.0.1:7319Search your 1Password items, approve only the entries your agents may use, and restrict each approval to the websites where it is allowed.
Related MCP server: Agentic Vault
Requirements
Node.js 20+
1Password CLI (
op)1Password desktop app integration, or an
OP_SERVICE_ACCOUNT_TOKENAn MCP client that supports local stdio servers
macOS:
brew install node 1password-cliEnable the 1Password desktop integration:
Open 1Password.
Go to Settings > Developer.
Turn on Integrate with 1Password CLI.
When your agent or terminal asks for access, approve only clients you trust.
What Gets Installed
The package installs one main command:
onepassword-agent-mcpUseful subcommands:
onepassword-agent-mcp admin # start the local approval console
onepassword-agent-mcp mcp # start the stdio MCP server
onepassword-agent-mcp doctor # check Node, op, auth, state, and admin UI
onepassword-agent-mcp setup all # print client setup commands
onepassword-agent-mcp setup all --applyMCP clients should run this server command:
onepassword-agent-mcp mcpYou normally do not run mcp yourself. Claude Code, Codex, Copilot, or another MCP client starts it when needed.
Client Setup
The setup CLI prints a dry run by default:
onepassword-agent-mcp setup allApply the setup automatically where a supported CLI is installed:
onepassword-agent-mcp setup all --applyClaude Code
onepassword-agent-mcp setup claude-code --applyEquivalent command:
claude mcp add --scope user onepassword-agent-mcp -- onepassword-agent-mcp mcpUse another Claude Code scope when you want project-local config instead:
onepassword-agent-mcp setup claude-code --apply --scope localCodex
onepassword-agent-mcp setup codex --applyEquivalent command:
codex mcp add onepassword-agent-mcp -- onepassword-agent-mcp mcpGitHub Copilot In VS Code
onepassword-agent-mcp setup copilot --applyEquivalent VS Code command:
code --add-mcp '{"name":"onepassword-agent-mcp","command":"onepassword-agent-mcp","args":["mcp"]}'If the code command is not in your PATH, create .vscode/mcp.json in your workspace:
{
"servers": {
"onepassword-agent-mcp": {
"type": "stdio",
"command": "onepassword-agent-mcp",
"args": ["mcp"]
}
}
}Other MCP Clients
Print generic MCP JSON:
onepassword-agent-mcp setup generic --jsonGeneric config:
{
"mcpServers": {
"onepassword-agent-mcp": {
"command": "onepassword-agent-mcp",
"args": ["mcp"]
}
}
}Approving Logins
Run
onepassword-agent-mcp admin.Open
http://127.0.0.1:7319.Use Find Logins To Approve.
Search by title, website, vault, or account label.
Click Approve only for entries your agents may use.
Keep or edit the allowed sites before approval.
Approved entries appear under Allowed For Agents. Agents only receive handles for enabled approvals, and allowed-site checks run again at copy and paste time.
What Is "Advanced: add a copied secret reference"?
Most users should ignore it.
Use it only when the importer cannot infer the right field, for example a custom token or non-standard field. In 1Password, copy a secret reference such as:
op://ExampleVault/ExampleLogin/passwordPaste that reference into the advanced form. The local policy stores the reference encrypted. It still does not store the actual password.
What Are "Local Settings"?
Usually you can leave these alone.
1Password CLI path: where theopbinary lives. Default:op.Account: optional 1Password account selector.Default vault: optional vault to search first.Clipboard clear seconds: how quickly copied secrets are cleared.Allow paste without expected site: off by default. Keep it off unless you know why you need it.
How Agents Use It
flowchart LR
User["You approve a login"] --> Policy["Local allow list"]
Agent["MCP agent"] --> Lookup["find_passwords_for_site"]
Lookup --> Handle["Encrypted handle"]
Handle --> Paste["copy_password or paste_password"]
Paste --> Op["1Password CLI resolves secret locally"]
Op --> App["Clipboard or active app"]The model may see a handle like:
opmcp:v1:...It should not see:
your-real-passwordAvailable MCP tools:
onepassword_status: check CLI and local policy status.find_passwords_for_site: return approved encrypted handles for a website.list_approved_passwords: list approved handles and allowed sites.copy_password: resolve a handle and copy the password to the clipboard.paste_password: resolve a handle, copy it, paste into the active app, and return no plaintext.clear_password_clipboard: clear the clipboard.admin_ui_info: return the approval console URL.
Local State
Default state location:
~/.onepassword-mcp/policy.json
~/.onepassword-mcp/key.binUse a different state directory:
ONEPASSWORD_MCP_HOME=/path/to/state onepassword-agent-mcp adminHeadless service-account example:
{
"mcpServers": {
"onepassword-agent-mcp": {
"command": "onepassword-agent-mcp",
"args": ["mcp"],
"env": {
"OP_SERVICE_ACCOUNT_TOKEN": "ops_..."
}
}
}
}Do not commit service account tokens.
Security Model
Protected:
Passwords are not stored by this project.
MCP tools never return plaintext passwords.
Handles and stored 1Password secret references are encrypted locally.
Disabled or deleted approvals invalidate old handles.
Allowed-site checks happen again at copy and paste time.
Still sensitive:
The OS clipboard briefly contains the plaintext password.
The active app receives the password when paste is triggered.
A local process with clipboard access may observe copied secrets.
Any approved agent can use approved entries within the allowed-site policy.
Read docs/SECURITY.md before using this with powerful browser-control agents.
Troubleshooting
Run:
onepassword-agent-mcp doctorCommon fixes:
opmissing: install the 1Password CLI.1Password auth failure: enable desktop CLI integration or set
OP_SERVICE_ACCOUNT_TOKEN.Copilot setup cannot find
code: install the VS Code shell command or use.vscode/mcp.json.Existing MCP entry conflicts: remove the old entry in that client, then run setup again.
Admin UI not running: run
onepassword-agent-mcp admin.
Development
Clone the repo:
git clone https://github.com/gambadio/onepassword-agent-mcp.git
cd onepassword-agent-mcp
npm installRun checks:
npm run build
npm run typecheck
npm testRun locally:
npm run dev:admin
npm run dev:mcpLicense
MIT
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/gambadio/onepassword-agent-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server