New260+ blocks and 240+ tools are now fully documented
DocumentationReferenceTool IntegrationsSecurity & Identity
Tool

1Password Tools

List vaults, list items, and fetch item details from a 1Password Connect server.

The 1Password tools let a workflow read secrets and items from a self-hosted 1Password Connect server. Use them to discover vaults, enumerate the items in a vault, and retrieve the full details of a single item at run time instead of hardcoding credentials.

Overview

PropertyValue
Provideronepassword
Categorytools
AuthBearer Token (1Password Connect access token)

All three tools call the 1Password Connect REST API. The connectUrl you supply points at your own Connect server (e.g. https://connect.example.com); a trailing slash is stripped automatically. Every request sends Authorization: Bearer <apiKey> and Content-Type: application/json.

Operations

OperationTool IDDescription
List vaultsonepassword_list_vaultsList the vaults available on a 1Password Connect server
List itemsonepassword_list_itemsList the items inside a 1Password vault
Get itemonepassword_get_itemGet the full details of a single item from a 1Password vault

Configuration

onepassword_list_vaults

Calls GET {connectUrl}/v1/vaults.

ParameterTypeRequiredDescription
apiKeystringYesSecret. 1Password Connect access token (sent as a Bearer token). Visibility: user-only.
connectUrlstringYes1Password Connect server URL (e.g. https://connect.example.com). Visibility: user-only.

onepassword_list_items

Calls GET {connectUrl}/v1/vaults/{vaultId}/items.

ParameterTypeRequiredDescription
apiKeystringYesSecret. 1Password Connect access token (sent as a Bearer token). Visibility: user-only.
connectUrlstringYes1Password Connect server URL (e.g. https://connect.example.com). Visibility: user-only.
vaultIdstringYesID of the vault to list items from. Visibility: user-or-llm.

onepassword_get_item

Calls GET {connectUrl}/v1/vaults/{vaultId}/items/{itemId}.

ParameterTypeRequiredDescription
apiKeystringYesSecret. 1Password Connect access token (sent as a Bearer token). Visibility: user-only.
connectUrlstringYes1Password Connect server URL (e.g. https://connect.example.com). Visibility: user-only.
vaultIdstringYesID of the vault containing the item. Visibility: user-or-llm.
itemIdstringYesID of the item to retrieve. Visibility: user-or-llm.

Outputs

onepassword_list_vaults

  • data (json) — Array of 1Password vault objects.
  • metadata (json) — List metadata.
    • metadata.count (number) — Number of vaults returned.

onepassword_list_items

  • data (json) — Array of 1Password item summary objects.
  • metadata (json) — List metadata.
    • metadata.count (number) — Number of items returned.

onepassword_get_item

  • data (json) — The full 1Password item object.
  • metadata (json) — Item identifiers.
    • metadata.id (string) — Item ID.

YAML Example

onepassword_1:
  type: onepassword
  name: "1Password"
  inputs:
    operation: "onepassword_list_vaults"
    connectUrl: "https://connect.example.com"
    apiKey: "{{ONEPASSWORD_CONNECT_TOKEN}}"
  connections:
    outgoing:
      - target: next-block-id

Get a specific item (chaining a vault ID and item ID from earlier blocks):

onepassword_get:
  type: onepassword
  name: "1Password"
  inputs:
    operation: "onepassword_get_item"
    connectUrl: "https://connect.example.com"
    apiKey: "{{ONEPASSWORD_CONNECT_TOKEN}}"
    vaultId: "{{onepassword_1.data}}"
    itemId: "abc123itemid"
  connections:
    outgoing:
      - target: next-block-id

Tips

  • Self-hosted Connect required. These tools talk to a 1Password Connect server, not the consumer 1Password app or web account. Deploy Connect and issue an access token first; set connectUrl to that server (the consumer my.1password.com endpoint will not work).
  • Store the token as a secret. The apiKey is the Connect access token (marked password in the block and user-only visibility). Reference it via an environment variable like {{ONEPASSWORD_CONNECT_TOKEN}} rather than pasting it inline, and scope the token to only the vaults the workflow needs.
  • Discover IDs in order. Run onepassword_list_vaults to get vault IDs, feed a vault ID into onepassword_list_items to get item IDs, then pass both into onepassword_get_item. vaultId and itemId are user-or-llm, so an agent can resolve them, but the access token (apiKey) and connectUrl must be configured by the user.