Watchtower export automation
Hi everyone,
I'm looking for advice on automating the Business Watchtower report export, and if there's no current solution, I'd like this to serve as a feature request for the 1Password team.
The use case:
We run a recurring internal security awareness campaign where each employee receives a personalised report of their vault's Watchtower score. The data source is the Business Watchtower CSV export (the one available under Reports for owners/Security group members), which contains per-vault metrics:
Vault · Vault Type · Total Items · Issues · Compromised Websites · Vulnerable Passwords · Reused Passwords · Weak Passwords · Unsecured Websites · Two-Factor Authentication · Expiring Items · Items In Wrong Account
The problem:
Right now the only way to get this file is a manual click in the web UI. We need this automated on a schedule.
What I've already ruled out:
- Browser automation (Playwright/Puppeteer): Fragile — any UI change silently breaks the pipeline, and storing admin credentials for a headless browser is a security concern in itself.
- Reconstructing the report via `op` CLI + service account: Technically possible for some columns, but requires fetching and locally evaluating every item across every vault. For an organisation of our size this would take hours per run — and replicating the breach/weak-password logic exactly as 1Password computes it is non-trivial.
- Events API: Covers audit logs and item usage, not Watchtower security scores.
What I'm looking for
- A current method I've missed — perhaps an undocumented endpoint, an `op` CLI flag, or a Reports API that exposes this data.
- Confirmation that this isn't possible today, so this can be logged as a feature request.
Feature request (if it doesn't exist)
An `op report watchtower --format=json` command, or a REST endpoint under the existing API surface, that returns the same per-vault Watchtower summary that the UI export produces. A service account with read access to all vaults would be the natural auth mechanism.
This would be a significant quality-of-life improvement for security teams running automated reporting or compliance workflows. Happy to provide more detail on the use case if helpful for prioritisation.
Thanks in advance!
