npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@takescake/1password-mcp

v2.0.3

Published

MCP server for 1Password service accounts — tools, prompts, and resources for vault and credential management

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

takescaketakescake

Keywords

mcpmodel-context-protocol1passwordpassword-managersecretsvaultservice-account

Readme

1Password MCP Server

CI npm License MCP Badge

A community-built Model Context Protocol (MCP) server that connects MCP-compatible AI clients (Claude Desktop, VS Code Copilot, OpenAI Codex, Gemini, etc.) to 1Password vaults via a Service Account.

Not an official 1Password product. This is a community project.

Features

Tools (8)

| Tool | Description | |------|-------------| | vault_list | List all accessible vaults | | item_lookup | Search items by title in a vault | | item_delete | Delete an item from a vault | | password_create | Create a new password/login item | | password_read | Retrieve a password via secret reference (op://vault/item/field) or vault/item ID | | password_update | Rotate/update an existing password | | password_generate | Generate a cryptographically secure random password | | password_generate_memorable | Generate a memorable passphrase from ~500 dictionary words |

Prompts (4)

| Prompt | Description | |--------|-------------| | generate-secure-password | Guided workflow to generate and store a secure password | | credential-rotation | Step-by-step credential rotation: read, generate, update, verify | | vault-audit | Audit vault contents: list items, categorize, flag concerns | | secret-reference-helper | Construct op://vault/item/field references interactively |

Resources (3)

| Resource URI | Description | |-------------|-------------| | 1password://config | Current server configuration (non-secret) | | 1password://vaults | Browsable list of all accessible vaults | | 1password://vaults/{vaultId}/items | Browsable list of items in a vault |

Quick Start

Prerequisites

Claude Desktop / VS Code / IDEs (JSON)

{
  "mcpServers": {
    "1password": {
      "command": "npx",
      "args": ["-y", "@takescake/1password-mcp"],
      "env": {
        "OP_SERVICE_ACCOUNT_TOKEN": "YOUR_SERVICE_ACCOUNT_TOKEN"
      }
    }
  }
}

OpenAI Codex (TOML)

Option A (stores the token in config):

[mcp_servers."1password"]
command = "npx"
args = ["-y", "@takescake/1password-mcp"]

[mcp_servers."1password".env]
OP_SERVICE_ACCOUNT_TOKEN = "YOUR_SERVICE_ACCOUNT_TOKEN"

Option B (recommended: does NOT store the token in Codex config):

[mcp_servers."1password"]
command = "npx"
args = ["-y", "@takescake/1password-mcp"]
env_vars = ["OP_SERVICE_ACCOUNT_TOKEN"]

Then set OP_SERVICE_ACCOUNT_TOKEN in your shell/session/CI environment.

Note: codex mcp add ... --env OP_SERVICE_ACCOUNT_TOKEN=... writes the token into Codex config. Use env_vars if you want the config to reference only the variable name.

CLI Options

--service-account-token <token>   1Password service account token
--log-level <level>               Log level: error, warn, info, debug (default: info)
--integration-name <name>         Custom integration name for 1Password SDK
--integration-version <version>   Custom integration version

Security & Privacy

Read this before using.

  • LLM privacy risk -- Secrets retrieved/created may be sent to your LLM provider and could be retained depending on your provider/account settings.
  • No E2E encryption in MCP -- Secrets are plaintext inside the MCP workflow and in transit to the model. They are encrypted only once stored in 1Password.
  • Intended use -- Best for automated/disposable credentials (dev DB creds, bot/service accounts, CI tokens).
  • Avoid high-stakes secrets -- Do not use for banking, primary personal accounts, or other sensitive credentials. Use dedicated automation vaults.
  • Token security -- Treat the Service Account Token like a master key. Rotate immediately if exposed.
  • Config files -- Keep MCP config files out of version control (add to .gitignore).
  • Secret references -- Prefer op://... references over copying raw passwords into prompts or files.
  • Least privilege -- Use dedicated vaults and limited-scope service accounts for automation workflows.

Development

# Clone and install
git clone https://github.com/CakeRepository/1Password-MCP.git
cd 1Password-MCP
npm install

# Build
npm run build

# Run tests
npm test

# Type-check
npm run lint

# Watch mode (dev)
npm run dev

Project Structure

src/
  index.ts              # Server entrypoint
  types.ts              # Shared type definitions
  logger.ts             # Structured logging (stderr)
  config.ts             # CLI args, env vars, constants
  client.ts             # 1Password SDK client singleton
  utils.ts              # Result helpers, password generation
  tools/                # MCP tool handlers
    index.ts
    vault-list.ts
    item-lookup.ts
    item-delete.ts
    password-create.ts
    password-read.ts
    password-update.ts
    password-generate.ts
    password-generate-memorable.ts
  prompts/              # MCP prompt definitions
    index.ts
  resources/            # MCP resource definitions
    index.ts

See CONTRIBUTING.md for contribution guidelines.

License

Apache License 2.0