1Password
Manage secrets and items in 1Password vaults
1Password is a widely trusted password manager and secrets vault solution, allowing individuals and teams to securely store, access, and share passwords, API credentials, and sensitive information. With robust encryption, granular access controls, and seamless syncing across devices, 1Password supports teams and organizations in managing secrets efficiently and securely.
The 1Password Connect API allows programmatic access to vaults and items within an organization's 1Password account. This integration in Sim lets you automate secret retrieval, onboarding workflows, secret rotation, vault audits, and more, all in a secure and auditable manner.
With 1Password in your Sim workflow, you can:
- List, search, and retrieve vaults: Access metadata or browse available vaults for organizing secrets by project or purpose
- Fetch items and secrets: Get credentials, API keys, or custom secrets in real time to power your workflows securely
- Create, update, or delete secrets: Automate secret management, provisioning, and rotation for enhanced security practices
- Integrate with CI/CD and automation: Fetch credentials or tokens only when needed, reducing manual work and reducing risk
- Ensure access controls: Leverage role-based access and fine-grained permissions to control which agents or users can access specific secrets
By connecting Sim with 1Password, you empower your agents to securely manage secrets, reduce manual overhead, and maintain best practices for security automation, incident response, and DevOps workflows—all while ensuring secrets never leave a controlled environment.
Access and manage secrets stored in 1Password vaults using the Connect API or Service Account SDK. List vaults, retrieve items with their fields and secrets, create new items, update existing ones, delete items, and resolve secret references.
List all vaults accessible by the Connect token or Service Account
| Parameter | Type | Required | Description |
|---|
connectionMode | string | No | Connection mode: "service_account" or "connect" |
serviceAccountToken | string | No | 1Password Service Account token (for Service Account mode) |
apiKey | string | No | 1Password Connect API token (for Connect Server mode) |
serverUrl | string | No | 1Password Connect server URL (for Connect Server mode) |
filter | string | No | SCIM filter expression (e.g., name eq "My Vault") |
| Parameter | Type | Description |
|---|
vaults | array | List of accessible vaults |
↳ id | string | Vault ID |
↳ name | string | Vault name |
↳ description | string | Vault description |
↳ attributeVersion | number | Vault attribute version |
↳ contentVersion | number | Vault content version |
↳ type | string | Vault type (USER_CREATED, PERSONAL, EVERYONE, TRANSFER) |
↳ createdAt | string | Creation timestamp |
↳ updatedAt | string | Last update timestamp |
Get details of a specific vault by ID
| Parameter | Type | Required | Description |
|---|
connectionMode | string | No | Connection mode: "service_account" or "connect" |
serviceAccountToken | string | No | 1Password Service Account token (for Service Account mode) |
apiKey | string | No | 1Password Connect API token (for Connect Server mode) |
serverUrl | string | No | 1Password Connect server URL (for Connect Server mode) |
vaultId | string | Yes | The vault UUID |
| Parameter | Type | Description |
|---|
id | string | Vault ID |
name | string | Vault name |
description | string | Vault description |
attributeVersion | number | Vault attribute version |
contentVersion | number | Vault content version |
items | number | Number of items in the vault |
type | string | Vault type (USER_CREATED, PERSONAL, EVERYONE, TRANSFER) |
createdAt | string | Creation timestamp |
updatedAt | string | Last update timestamp |
List items in a vault. Returns summaries without field values.
| Parameter | Type | Required | Description |
|---|
connectionMode | string | No | Connection mode: "service_account" or "connect" |
serviceAccountToken | string | No | 1Password Service Account token (for Service Account mode) |
apiKey | string | No | 1Password Connect API token (for Connect Server mode) |
serverUrl | string | No | 1Password Connect server URL (for Connect Server mode) |
vaultId | string | Yes | The vault UUID to list items from |
filter | string | No | SCIM filter expression (e.g., title eq "API Key" or tag eq "production") |
| Parameter | Type | Description |
|---|
items | array | List of items in the vault (summaries without field values) |
↳ id | string | Item ID |
↳ title | string | Item title |
↳ vault | object | Vault reference |
↳ id | string | Vault ID |
↳ category | string | Item category (e.g., LOGIN, API_CREDENTIAL) |
↳ urls | array | URLs associated with the item |
↳ href | string | URL |
↳ label | string | URL label |
↳ primary | boolean | Whether this is the primary URL |
↳ favorite | boolean | Whether the item is favorited |
↳ tags | array | Item tags |
↳ version | number | Item version number |
↳ state | string | Item state (ARCHIVED or DELETED) |
↳ createdAt | string | Creation timestamp |
↳ updatedAt | string | Last update timestamp |
↳ lastEditedBy | string | ID of the last editor |
Get full details of an item including all fields and secrets
| Parameter | Type | Required | Description |
|---|
connectionMode | string | No | Connection mode: "service_account" or "connect" |
serviceAccountToken | string | No | 1Password Service Account token (for Service Account mode) |
apiKey | string | No | 1Password Connect API token (for Connect Server mode) |
serverUrl | string | No | 1Password Connect server URL (for Connect Server mode) |
vaultId | string | Yes | The vault UUID |
itemId | string | Yes | The item UUID to retrieve |
| Parameter | Type | Description |
|---|
response | json | Operation response data |
Create a new item in a vault
| Parameter | Type | Required | Description |
|---|
connectionMode | string | No | Connection mode: "service_account" or "connect" |
serviceAccountToken | string | No | 1Password Service Account token (for Service Account mode) |
apiKey | string | No | 1Password Connect API token (for Connect Server mode) |
serverUrl | string | No | 1Password Connect server URL (for Connect Server mode) |
vaultId | string | Yes | The vault UUID to create the item in |
category | string | Yes | Item category (e.g., LOGIN, PASSWORD, API_CREDENTIAL, SECURE_NOTE, SERVER, DATABASE) |
title | string | No | Item title |
tags | string | No | Comma-separated list of tags |
fields | string | No | JSON array of field objects (e.g., [{"label":"username","value":"admin","type":"STRING","purpose":"USERNAME"}]) |
| Parameter | Type | Description |
|---|
response | json | Operation response data |
Replace an entire item with new data (full update)
| Parameter | Type | Required | Description |
|---|
connectionMode | string | No | Connection mode: "service_account" or "connect" |
serviceAccountToken | string | No | 1Password Service Account token (for Service Account mode) |
apiKey | string | No | 1Password Connect API token (for Connect Server mode) |
serverUrl | string | No | 1Password Connect server URL (for Connect Server mode) |
vaultId | string | Yes | The vault UUID |
itemId | string | Yes | The item UUID to replace |
item | string | Yes | JSON object representing the full item (e.g., {"vault":{"id":"..."},"category":"LOGIN","title":"My Item","fields":[...]}) |
| Parameter | Type | Description |
|---|
response | json | Operation response data |
Update an existing item using JSON Patch operations (RFC6902)
| Parameter | Type | Required | Description |
|---|
connectionMode | string | No | Connection mode: "service_account" or "connect" |
serviceAccountToken | string | No | 1Password Service Account token (for Service Account mode) |
apiKey | string | No | 1Password Connect API token (for Connect Server mode) |
serverUrl | string | No | 1Password Connect server URL (for Connect Server mode) |
vaultId | string | Yes | The vault UUID |
itemId | string | Yes | The item UUID to update |
operations | string | Yes | JSON array of RFC6902 patch operations (e.g., [{"op":"replace","path":"/title","value":"New Title"}]) |
| Parameter | Type | Description |
|---|
response | json | Operation response data |
Delete an item from a vault
| Parameter | Type | Required | Description |
|---|
connectionMode | string | No | Connection mode: "service_account" or "connect" |
serviceAccountToken | string | No | 1Password Service Account token (for Service Account mode) |
apiKey | string | No | 1Password Connect API token (for Connect Server mode) |
serverUrl | string | No | 1Password Connect server URL (for Connect Server mode) |
vaultId | string | Yes | The vault UUID |
itemId | string | Yes | The item UUID to delete |
| Parameter | Type | Description |
|---|
success | boolean | Whether the item was successfully deleted |
Resolve a secret reference (op://vault/item/field) to its value. Service Account mode only.
| Parameter | Type | Required | Description |
|---|
connectionMode | string | No | Connection mode: must be "service_account" for this operation |
serviceAccountToken | string | Yes | 1Password Service Account token |
secretReference | string | Yes | Secret reference URI (e.g., op://vault-name/item-name/field-name or op://vault-name/item-name/section-name/field-name) |
| Parameter | Type | Description |
|---|
value | string | The resolved secret value |
reference | string | The original secret reference URI |