1Password SDKs are now available in beta

Why 1Password SDKs?

Customers have been asking for a 1Password API so they can access their vaults and items stored in 1Password via that API. It’s a common request, and a reasonable one. The use cases are endless, and we’re builders and tinkerers by nature, too. But it presents some engineering challenges given 1Password’s unique security model.

Building a traditional REST API would require 1Password to decrypt and store sensitive user data on our servers. That’s incompatible with our security model and our commitment to zero-knowledge, end-to-end encryption. Only you hold the keys to decrypt the information you store in 1Password, and we want to keep it that way.

Enter the 1Password SDKs. The SDKs can be embedded within your application to decrypt data when and where it’s needed, so every value stays secret until that moment. This approach keeps our end-to-end security intact, even while opening up access for developers to build integrations.

SDKs also provide a better developer experience overall. You can use them directly in your language of choice without building the types, functions, and validation from scratch – the SDK already provides all of this for you. It’s also easier to manage and install different versions using the package manager for your language. And, of course, all of this is available directly in your language of choice.

How 1Password SDKs Work

Building on the success of 1Password CLI, the SDKs provide simple and efficient access to build integrations with 1Password. Today you can create, read, edit and delete items using our Go, JavaScript and Python SDKs. We’ll be improving the SDKs and adding new functionality in the coming months, so let us know your feedback. You can share your input, and follow for updates, by joining the #sdk channel in the 1Password Developer Community Slack.

To use an SDK in your project, first create a 1Password Service Account to provide token-based access to a 1Password vault. By default you can create service accounts if you’re an owner or administrator on your team, family, or personal plan. Otherwise, ask your administrator to give you permissions to create service accounts, or ask them to set one up and share the token with you.

Next, export your service account token to an environment variable, for example: export OP_SERVICE_ACCOUNT_TOKEN=<your-service-account-token>.

Using the 1Password SDKs follows a similar flow across languages:

1. Import the SDK.
2. Create an authenticated client.
3. Perform an action (for example, create, read, update, or delete an item).

Let’s take a look at a few examples to see how the SDKs work in practice.

1Password Javascript SDK

To get started with the Javascript SDK, first install it by running npm install @1password/sdk@beta. You can also install it using Yarn or PNPM, or directly from the GitHub repository.

Here’s a simple example showing how you might retrieve a secret stored in 1Password using the Javascript SDK:

import { createClient } from "@1password/sdk";

// Creates an authenticated client with 1Password.
const client = await createClient({
  auth: process.env.OP_SERVICE_ACCOUNT_TOKEN,
  integrationName: "My 1Password Integration",
  integrationVersion: "v1.0.0",
});

// Retrieves a secret from 1Password. Takes a secret reference as input and returns the secret to which it points.
const secret = await client.secrets.resolve("op://vault/item/field");

// TODO: Do something with the secret...

You can learn more about working with the 1Password Javascript SDK in the SDK documentation.

1Password Python SDK

To get started with the Python SDK, install it using pip install git+ssh://git@github.com/1Password/onepassword-sdk-python.git, or directly from the GitHub repository.

Here’s a simple example showing how you might retrieve a secret stored in 1Password using the Python SDK:

import asyncio
import os
from onepassword.client import Client

async def main():
    token = os.getenv("OP_SERVICE_ACCOUNT_TOKEN")
    
    # Creates an authenticated client with 1Password.
    client = await Client.authenticate(auth=token, integration_name="My 1Password Integration", integration_version="v1.0.0")
   
    # Retrieves a secret from 1Password. Takes a secret reference as input and returns the secret to which it points.
    secret = await client.secrets.resolve("op://vault/item/field")
    
    # TODO: Do something with the secret...

if __name__ == '__main__':
    asyncio.run(main())

Check out the SDK documentation to learn more about working with the 1Password Python SDK.

1Password Go SDK

To get started with the Go SDK, install it using the go get github.com/1password/onepassword-sdk-go command, or directly from the GitHub Repository.

Here’s a simple example showing how you might retrieve a secret stored in 1Password using the Go SDK:

import (
    "context"
    "os"
    "github.com/1password/onepassword-sdk-go"
)

func main() {
    token := os.Getenv("OP_SERVICE_ACCOUNT_TOKEN")

    // Creates an authenticated client with 1Password.
    client, err := onepassword.NewClient(
                context.TODO(),
                onepassword.WithServiceAccountToken(token),
                onepassword.WithIntegrationInfo("My 1Password Integration", "v1.0.0"),
    )
    if err != nil {
	// TODO: handle err
    }

    // Retrieves a secret from 1Password. Takes a secret reference as input and returns the secret to which it points.
    secret, err := client.Secrets.Resolve("op://vault/item/field")
    if err != nil {
        // TODO: handle err
    }

    // TODO: Do something with the secret...
}

Again, you can learn more about working with the 1Password Go SDK in the documentation.

Get started with 1Password SDKs

Visit the 1Password Developers portal for additional documentation and resources about 1Password SDKs and our other developer tools.

We can’t wait to see what you build with 1Password SDKs!

Andrew Stiefel

Product Marketing – Business & Channels