Skip to main content
matthewf
November 26, 2025
Question

1Password guest account for a dev machine?

  • November 26, 2025
  • 2 replies
  • 81 views

Hello friends,

I've been reading about the Shai-Hulud/Sha1-Hulud malware which is currently spreading through npm packages with its TruffleHog payload, and there are plenty of other examples of supply-chain attacks against developer tools.

My 1Password has everything in it; stuff that I use for indie-development, and personal things like logins to my email and banking.

So now I'm thinking about making a clear separation between my indie-dev machine and other boxes that I use for traditional home-computing.

1Password's guest accounts look ideal for this. I could make a guest account which only has access to that one vault, and use only that guest account on my dev machine. Luckily my indie-dev items are already in a separate vault.

Would that work? Have I missed any gotchas? (And would this be compatible with 1Password's acceptable use-cases for guest accounts?)

Matthew

2 replies

December 2, 2025

Hi @matthewf ,

Thanks for the note, fundamentally the mechanics seem solid to me. We have some new tooling which may make things a little easier if you are on a Family / Team account (links below). 

I'm checking internally regarding the acceptable use question.

For Family / Team / Business accounts, we have Service Account Tokens which can be used in-place of logins in the CLI and SDKs.  Then you can issue a service token to a Docker Instance on either a per-vault basis with different permissions.  That should pretty well insulate you from malicious actors.  Here's a link to learn more.

https://developer.1password.com/docs/service-accounts

Cheers,
Phil & Team

matthewf
matthewfAuthor
December 2, 2025

Thank-you @1P_Phil, I did consider service accounts, but I don't think they would allow me to use the 1Password desktop app or auto-fill in the browser.

December 2, 2025

Hi @matthewf ,

Ah, yes that is correct.  They are more for automation tasks. 

That being said we just released into beta, Local Authentication for the SDKs which allows you to add an integration from your app to retrieve an item from the vault using the Desktop App to authenticate (with something like the bio-metric unlock).

Anywho, good luck!

More the 🫆SDK - Introducing 1Password SDKs for Desktop Integrations | 1Password Community

Phil