From 1password
Build application integrations with 1Password SDKs (Go, JavaScript, Python). Use when the user wants to programmatically manage items, vaults, secrets, or Environments in application code — not shell one-offs. Triggers on "1Password SDK", "onepassword-sdk", "integrate 1Password in my app", "read secrets in code", "build with 1Password API", or scaffolding SDK-based secret management. Choose SDK over CLI for typed, in-process integrations.
How this skill is triggered — by the user, by Claude, or both
Slash command
/1password:1password-sdkThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
| Need | Use |
| Need | Use |
|---|---|
| Shell scripts, CI one-liners | CLI (1password-cli skill) |
| Agent Environment management | MCP (1password-mcp skill) |
| Application code with type safety | SDK (this skill) |
| Language | Package | Reference |
|---|---|---|
| Go | github.com/1Password/onepassword-sdk-go | references/go.md |
| JavaScript/TypeScript | @1password/sdk | references/javascript.md |
| Python | onepassword-sdk | references/python.md |
Docs index: https://www.1password.dev/llms.txt
| Method | Best for | SDK support |
|---|---|---|
| Desktop app | Local dev, human approval, biometrics | Go, JS, Python |
| Service account | CI/CD, headless, least privilege | Go, JS, Python |
| Connect server | Self-hosted REST API in your infra | Connect SDKs (separate) |
Never embed service account tokens in source code. Load from environment variables.
op://vault/item/field resolved at runtimeConcepts guide: https://www.1password.dev/sdks/concepts
go get github.com/1Password/onepassword-sdk-go
See references/go.md
npm install @1password/sdk
pip install onepassword-sdk
op service-account create "my-app" --vault "App Secrets:read_items"
export OP_SERVICE_ACCOUNT_TOKEN="ops_..."
Scope vaults to minimum required permissions.
Read project secrets from Environments programmatically: https://www.1password.dev/environments/read-environment-variables
For self-hosted Connect REST API deployments, use separate Connect SDKs:
.gitignore patternsnpx claudepluginhub awfixers-stuff/plugins --plugin 1passwordSets up isolated workspaces using native worktree tools or git worktree fallback. Use before starting feature work to protect the current branch.