1Password MCP Server: Secure Credential Access for AI Agents

Stop copying and pasting credentials from 1Password every time your AI agent needs to authenticate somewhere. This MCP server bridges your secure credential vault directly to Claude and other AI agents, enabling seamless automated workflows without compromising security.

The Authentication Workflow Problem

You're building AI automations that need to log into services, but you're stuck in this loop:

1. Agent needs credentials for a service
2. You manually open 1Password
3. Copy the credentials
4. Paste them back to the agent
5. Repeat for every service, every session

Meanwhile, your credentials are sitting in 1Password's enterprise-grade vault, but your AI workflows can't access them programmatically.

Direct Vault Integration

This MCP server creates a secure bridge between your 1Password vault and AI agents. Instead of manual credential retrieval, your agents can request credentials by service name directly from your vault.

Before:

You: "Log into TickTick for me"
Claude: "I need your TickTick credentials"
You: [Opens 1Password, copies username/password, pastes back]
Claude: "Thanks, logging in now..."

After:

You: "Get 1Password credentials for ticktick.com and log in"
Claude: [Retrieves credentials from vault, logs in automatically]

Automated Login Flows

When paired with browser automation tools like mcp-browser-use, this becomes particularly powerful. Your AI can:

• Retrieve credentials for any service from your vault
• Navigate to login pages automatically
• Fill forms and complete authentication
• Continue with the intended task

All while your actual credentials never leave the security of your 1Password vault.

Real-World Applications

Development Workflows:

• Deploy applications using staging/production credentials stored in 1Password
• Run automated tests against services requiring authentication
• Set up development environments with proper API keys and tokens

Personal Automation:

• Automate bill payments and account management
• Sync data between authenticated services
• Manage social media accounts and content scheduling

Team Productivity:

• Shared service accounts managed through 1Password's team features
• Consistent credential access across team members' AI workflows
• Audit trail of credential usage through 1Password's logging

Security Architecture

The server uses 1Password's official SDK and service account tokens, maintaining the same security model you already trust. Credentials are retrieved on-demand and never cached or logged by the MCP server.

Your 1Password vault remains the single source of truth, with all existing access controls and audit features intact.

Quick Integration

Install via Smithery:

npx -y @smithery/cli install @dkvdm/onepassword-mcp-server --client claude

Or configure manually in your Claude Desktop config:

{
  "mcpServers": {
    "1Password": {
      "command": "uv",
      "args": ["run", "--with", "mcp[cli]", "--with", "onepassword-sdk", "mcp", "run", "/path/to/server.py"],
      "env": {
        "OP_SERVICE_ACCOUNT_TOKEN": "your-service-account-token"
      }
    }
  }
}

Create a dedicated AI vault in 1Password, add your service credentials, and you're ready to go.

Beyond Basic Credential Retrieval

This server represents a new approach to AI agent authentication - one that doesn't compromise security for convenience. As AI agents become more capable, they need access to the same secure credential infrastructure that human users rely on.

The proof-of-concept nature means you can extend it for specific use cases, add additional security layers, or integrate with other credential management systems using the same MCP pattern.

Your AI workflows shouldn't be limited by manual credential management. This server removes that bottleneck while maintaining the security standards your organization requires.