Developer newsletter: February 2026

1P_jess

1Password Team

6 days ago

Unlock developer productivity with two new releases

Happy February, developers!

The ground might be frozen, but 1Password’s codebases aren’t. We’re starting the new year strong with two new developer releases that will unlock your productivity and increase security for environment variable storage. Learn more below about these new features: programmatic, read-only access to 1Password Environments, and 1Password SDK authentication via the desktop app (now in GA).

We’ve also included recent posts from the 1Password blog, including our take on OpenClaw and the security challenges with AI-assisted IDEs, as well as lots of interesting reads from the 1Password Community and around the web.

👋 Enjoy!

Want to get 1Password developer updates straight to your inbox? Sign up for the developer newsletter.

Introducing: Programmatically access secrets in 1Password Environments

Developers can now read their project environment variables stored in 1Password Environments using the 1Password SDKs and CLI. That means you can fetch secrets programmatically from 1Password Environments instead of manually updating .env files.

It’s 2026, friends. No more secrets in plaintext. 🤝

Learn more 👉

1Password SDK desktop authentication hits GA

Work faster and smarter by authenticating the 1Password SDK locally through the 1Password desktop app. Use biometrics (or your password) to authenticate SDK usage.

This release also expands vault management options, batch item operations, and group vault permissions to enable developers to work even more efficiently.

Read the docs 👉

Tell us your 1Password SDK must-haves

The 2026 1Password Developer roadmap is missing one final ingredient: your input. Fill out our two-minute survey to share which additional languages or SDK use cases you’d like to see us support.

Fill out the survey 👉

From the 1Password blogs

From magic to malware: How OpenClaw's agent skills become an attack surface

1Password's Jason Meller took a close look at OpenClaw, the wildly popular AI skill registry, and discovered that many listed skills contain malicious code or hidden instructions. “This is the type of malware that doesn’t just ‘infect your computer.’ It raids everything valuable on that device.” If you’re using OpenClaw, this is a must-read!

1Password's new benchmark teaches AI agents how not to get scammed

To better understand and track the security risks of AI agents, 1Password is introducing a new benchmark. The Security Comprehension and Awareness Measure (SCAM) evaluates whether AI models can stay safe while completing real-world tasks, like filling in passwords.

Bringing secure, just-in-time secrets to Cursor with 1Password

1Password has partnered with Cursor to make coding with AI safer than ever. Our new Cursor integration gives you a secure way to make required secrets available to Cursor’s AI agents via 1Password Environments.

AI is changing the IDE. With 1Password, security keeps up.

For software development to be secure, the IDEs we use need to be secure, too. Learn about the risks of using AI-powered IDEs and coding assistants in this overview of Ari Marzouk’s research project, IDEsaster, as well as how 1Password solves this challenge.

Community corner

[Video] Smarter .env management with 1Password

CJ Avilla discusses the security concerns of storing dev secrets in local .env files and how 1Password Environments can address them. Learn how to get set up in under three minutes.

Env var loading and validation for 1Password (open source)

The team at DMNO shared their latest 1Password plugin in 1Password Community for varlock – an open source config management tool with features like validation and type safety.

Using 1Password secret references in R

Rory Lawless shares how to set up your .Renviron file using 1Password CLI to get your secrets out of plaintext.

Open source contribution: Vite now supports .env file mounts

Shoutout to 1Password developer Sidharth Sudhir for his accepted MR to add native FIFO (named pipe) support in Vite – an addition that enables developers to use Vite with 1Password's new .env destinations.

Want to get featured in the 1Password Developers newsletter? Share your tutorials and blog posts with us in 1Password Community.

1Password @ nwHacks hackathon

1Password developer Zahra Raza recently attended nwHacks – Western Canada’s premier hackathon – where she judged the 1Password Best Security Hack prize. This prize was awarded to the project that offered a creative approach to cybersecurity, while maintaining 1Password’s core values: Keep it simple, Lead with honesty, and Put people first.

Congratulations to everyone who participated!

Check out the winning projects’ demos to learn more:

Trojan (winner)
SpyPry (honourable mention)
SafeSite (honourable mention)

Join the 1Password team!

Love 1Password, coding, and cybersecurity as much as we do? Check out our job board and apply to one of our many remote technical positions.

Keep this conversation going on 1Password Community

That's it for this month. If you want to chat about anything covered in this newsletter, join the 1Password developer Slack or here in 1Password Community and start a new discussion thread!

– 1Password’s Developer & AI team