Agent skill
1password
Manage personal secrets and passwords using 1Password CLI (op). Use when the user asks to query, retrieve, create, or manage secrets in 1Password, 1p, or op. This is for personal secrets only - not for cloud provider secret managers like Azure Key Vault, AWS Secrets Manager, or GCP Secret Manager.
Install this agent skill to your Project
npx add-skill https://github.com/timbuchinger/loadout/tree/main/skills/1password
SKILL.md
1Password CLI
Manage personal secrets and passwords using the 1Password CLI (op).
CRITICAL RULES
- Tag Filter: Only read secrets that have the agents tag. All queries MUST include --tags agents filter.
- Confirmation Required: Always confirm with the user before creating or modifying secrets. No confirmation is needed for reading secrets.
Prerequisites
Before using any op commands, ensure:
- 1Password CLI is installed (op --version)
- Desktop app integration is enabled (Settings > Developer > Integrate with 1Password CLI)
- User is signed in (run any command to trigger authentication)
Common Operations
List Items
List items tagged for agent access:
op item list --tags agents
List items by category:
op item list --tags agents --categories Login
op item list --tags agents --categories Password
op item list --tags agents --categories "API Credential"
List items in a specific vault:
op item list --tags agents --vault Personal
Get Item Details
Get full details for an item:
op item get "Item Name" --tags agents
Get specific fields:
op item get "GitHub Token" --tags agents --fields label=username,label=password
Get in JSON format:
op item get "API Key" --tags agents --format json
Get one-time password (OTP):
op item get "Google" --tags agents --otp
Read Secret Values
Use op read with secret references for direct value retrieval:
op read "op://Personal/GitHub Token/password"
op read "op://Personal/API Key/credential"
Secret reference format:
op://vault-name/item-name/[section-name/]field-name
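A secret reference passed to op read carries no tag filter, so the agents rule has to be checked against the item itself. The following is an added example, not part of the original skill: a Python wrapper that fetches the item as JSON, refuses it unless its tags list contains agents, and only then returns the requested field. The function names, the sample items and the assumed JSON shape (top-level tags, fields with label and value) are illustrative assumptions.

```python
import json
import subprocess

REQUIRED_TAG = "agents"  # tag the skill requires on every item an agent may read


class NotAgentAccessible(PermissionError):
    """Raised when an item does not carry the required tag."""


def run_op(args):
    """Run the real 1Password CLI (argument list, no shell) and return stdout."""
    done = subprocess.run(["op", *args], check=True, capture_output=True, text=True)
    return done.stdout


def read_tagged_field(item, label, vault=None, runner=run_op):
    """Return one field value, but only after checking the item's own tags."""
    if item.startswith("-"):
        raise ValueError("item name must not look like a command-line flag")
    args = ["item", "get", item, "--format", "json"]
    if vault:
        args += ["--vault", vault]
    doc = json.loads(runner(args))

    # Fail closed: a missing or empty tag list means "not for agents".
    # List membership is an exact match, so "agents-old" does not qualify.
    if REQUIRED_TAG not in (doc.get("tags") or []):
        raise NotAgentAccessible(f"item {doc.get('id', '?')} lacks the {REQUIRED_TAG!r} tag")

    matches = [f for f in doc.get("fields", []) if f.get("label") == label]
    if len(matches) != 1:
        raise LookupError(f"expected one field labelled {label!r}, found {len(matches)}")
    return matches[0].get("value")


# Constructed sample responses (not real op output) so the check runs offline.
SAMPLE_ITEMS = {
    "GitHub Token": {"id": "example-id-1", "tags": ["agents", "api"],
                     "fields": [{"label": "username", "value": "octocat"},
                                {"label": "password", "value": "constructed-secret"}]},
    "Bank Login": {"id": "example-id-2", "tags": ["agents-old"],
                   "fields": [{"label": "password", "value": "must-not-leak"}]},
}


def fake_op(args):
    """Stand-in runner: args[2] is the item name in `op item get <name> ...`."""
    return json.dumps(SAMPLE_ITEMS[args[2]])
```

With the default runner the function calls the installed op binary; passing runner=fake_op exercises the tag gate against the constructed items.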
Create Items
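ALWAYS confirm with user before creating items. Field values given as command arguments (username=..., password=...) can be seen by other processes on the machine and end up in shell history, so use --generate-password where the value does not need to be chosen by hand.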
Create a Login item:
op item create --category=login \
--title='Service Name' \
--vault='Personal' \
--url='https://example.com' \
--tags='agents' \
username='user@example.com' \
password='secure-password'
Create an API Credential:
op item create --category="API Credential" \
--title='Service API' \
--vault='Personal' \
--tags='agents' \
credential='api-key-value'
Create a Password item:
op item create --category=password \
--title='Database Password' \
--vault='Personal' \
--tags='agents' \
password='secure-password'
Create with auto-generated password:
op item create --category=login \
--title='New Service' \
--vault='Personal' \
--tags='agents' \
--url='https://example.com' \
--generate-password='letters,digits,symbols,32' \
username='user@example.com'
Edit Items
ALWAYS confirm with user before editing items.
Edit a field value:
op item edit 'Service Name' 'password=new-password'
Add or update tags (preserving the agents tag):
op item edit 'Service Name' --tags='agents,production,api'
Generate new password:
op item edit 'Service Name' --generate-password='letters,digits,symbols,32'
Delete Items
ALWAYS confirm with user before deleting items.
Delete an item:
op item delete "Old Service"
Archive instead of delete:
op item delete "Old Service" --archive
Output Formats
Human-readable (default):
op item get "Service Name"
JSON format (for parsing):
op item get "Service Name" --format json
Parse with jq:
op item get "Service Name" --format json | jq '.fields[] | select(.label=="password") | .value'
Common Patterns
Find all agent-accessible secrets
op item list --tags agents --format json | jq -r '.[] | "\(.title) (\(.vault.name))"'
Get password for a service
op item get "Service Name" --tags agents --fields label=password --format json | jq -r '.fields[0].value'
Check if an item exists
op item get "Service Name" --tags agents --format json &>/dev/null && echo "exists" || echo "not found"
List all API credentials for agents
op item list --tags agents --categories "API Credential"
Categories
Available item categories:
- API Credential
- Bank Account
- Credit Card
- Database
- Document
- Driver License
- Email Account
- Identity
- Login
- Membership
- Outdoor License
- Passport
- Password
- Reward Program
- Secure Note
- Server
- Social Security Number
- Software License
- Wireless Router
Error Handling
If authentication fails:
op signin
If item not found, verify:
- Item exists in 1Password
- Item has the agents tag
- Correct vault is accessible
- User is properly authenticated
Best Practices
- Always use the agents tag for items intended for agent access
- Confirm destructive operations (create, edit, delete) with user
- Use secret references (op://...) when injecting secrets into commands
- Prefer JSON format when parsing output programmatically
- Use item IDs instead of names for more reliable references
- Specify vault when dealing with multiple vaults to avoid ambiguity