Skip to main content
May 31, 2026
Question

Show the requested credential

  • May 31, 2026
  • 1 reply
  • 65 views

I'm heavily using 1password now for agentic usage. All of my business is set up on it now, and all of my credentials are locally using op://, or service accounts.

I've put in a lot of effort to try and isolate systems using least privilege, but one problem is that when agents (or applications) request a credential from the system, it doesn't say WHAT credential is being requested.

Half the time it doesn't even say the correct name for the application making the request, either. 

This is a big problem, because I'm starting to get into the habit of just spamming "Accept" blindly. But the whole reason I have set up this whole pipeline is so I can catch malicious programs trying to gain access - for example, supply chain attack infections.

Without seeing what credential is being requested, and the process information that is requesting it, I'm finding it's not actually adding much protection at all, because it's putting me into a false sense of security and promoting bad habits. If I'm running multiple agents in parallel, which is often the case, it might just say "Terminal requests access to your vault" or something similar. Which terminal is that? What is the underlying entity being requested? What credential? What is the process ID or terminal title, so I can isolate it to a terminal/agent? Etc.

I think this is something that urgently needs to be added. Otherwise, as it stands, it's not really offering much protection because users will just go "oh, it's probably just that agent running - I'm sure it's fine" and accept everything. If that agent happened to have installed a malicious npm package, you'd probably catch it too late.

1 reply

1P_Gem
1Password Employee
June 2, 2026

Hi @nbio, thanks for taking the time to share your feedback.

I can definitely understand how this is an important improvement that would allow users to make more informed security decisions about what is actually being authorised. I've filed a feature request with the team, with all of the details you've provided here.

CFP=19972

nbioAuthor
June 2, 2026

Thanks @1P_Gem - Another idea I had, if we had the ability to pass a string into the op line that might help as well. so if it's like op://vault/item/key?message=Requesting+the+key+for+... - and that can be displayed in the dialog.

Furthermore, I think one key issue with this is the the security boundaries can't be changed to item only. I.e., you can configure it to approve only specific items being read and unlocked for a time period, instead of entire vaults or the whole account being unlocked for a time period. 

1P_Gem
1Password Employee
June 3, 2026

Hi @nbio, thanks for these additional ideas! I've added these details to the feature request for the team to see.