npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

n8n-nodes-onepassword

v0.1.1

Published

n8n community node to fetch secrets and items from 1Password using a Service Account

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

hansdoehansdoe

Keywords

n8n-community-node-packagen8n1passwordonepasswordsecretsservice-account

Readme

A community node for n8n that fetches secrets and items from 1Password using a Service Account.

Use it to keep secrets out of n8n credentials: store API keys, passwords, and tokens in 1Password, then resolve them at workflow runtime and pass them into downstream nodes via expressions.

API Coverage

The package ships a single action node backed by the official @1password/sdk, covering read-only access to vaults, items, and secret references.

| Resource | Operations | | --- | --- | | Secret | Get | | Item | Get, List | | Vault | List |

Installation

  1. Create a new workflow or open an existing one
  2. Open the nodes panel by selecting + or pressing N
  3. Search for 1Password
  4. Select Install to install the node for your instance

Alternatively, follow the community node installation guide and install n8n-nodes-onepassword.

Credentials

The node uses a 1Password Service Account API credential with one field:

The token is sent only to 1Password's SDK; the node makes no other outbound calls.

Resources & Operations

See the collapsible table above under API Coverage for the full list.

Secret → Get

Resolves an op://Vault/Item/field reference to a single string. Output: { reference, value }.

Item → Get

Fetches a full item by vault ID and item ID. Output flattens fields into two buckets:

  • value — concealed (password-type) fields, keyed by field title.
  • fields — non-concealed fields, keyed by field title.

Item → List

Lists active items in a vault. Output: one row per item with overview metadata (no field values).

Vault → List

Lists vaults the service account can access. Output: one row per vault with overview metadata.

Usage

Pattern: feed a 1Password secret into another n8n credential

n8n evaluates expressions in credential fields at runtime, so a 1Password node placed early in the workflow can supply secrets to any downstream credential.

  1. Add a 1Password node, connect a Service Account credential, set Resource = Secret, Operation = Get, and Reference = op://Production/SlackBot/token.

  2. Add a Slack node downstream. Edit its credential, switch the Bot User OAuth Token field to Expression mode, and enter:

    {{ $('1Password').item.json.value }}

  3. Run the workflow. The Slack call is made with the token resolved from 1Password — nothing is hardcoded in n8n.

This mirrors n8n's official "Set credentials dynamically" template. It works reliably for API key, bearer, basic-auth, and header-auth credential types. OAuth2 flows are unreliable because token exchange happens out-of-band.

Security

Read this before using the node in production.

By design, the value resolved by Secret → Get lives in the upstream node's runData so that downstream expression references can resolve it. On free / community editions of n8n, the secret value is therefore visible in the editor's execution-data panel during runs.

Mitigations, in order of strength:

  1. Disable execution data persistence in workflow settings → Save Data Successful/Failed/Manual Executions → "Do not save". Prevents the secret from being written to the n8n database. Manual editor view during a test run still shows it; production runs do not persist.
  2. sensitiveOutputFields: ['value'] is declared on this node. On n8n Enterprise this triggers automatic redaction of the value field in execution data. On free editions it's a no-op (forward-compatible).
  3. Use n8n's built-in External Secrets instead of this node if you have n8n Enterprise + a 1Password Connect Server. That's the only fully transparent path — secrets never enter runData. This community node fills the gap for users without Enterprise.

Notes (a free-form item field) is not covered by the redaction declaration. If you store secrets in notes, treat the Get Item output as fully sensitive.

Development

git clone https://github.com/hansdoebel/n8n-nodes-onepassword.git
cd n8n-nodes-onepassword
bun install
bun run build
bun run lint

The node depends on @1password/sdk, which provides the official Service Account client used for all API calls.

Resources

License

MIT