Service Account Rate Limits: 15+ Minutes Block, No Backoff Duration Shown
Environment:
- 1Password CLI (latest)
- Service Account (not personal account)
- Linux systemd service using LoadCredentialEncrypted
- op inject to load 2 secrets at startup
---
The Problem
My systemd service uses a 1Password service account to inject 2 secrets at startup via op inject. While debugging an unrelated configuration issue, I restarted the service
approximately 15 times over 10 minutes. This triggered a rate limit that has now persisted for over 15 minutes with no sign of clearing.
The Error Message
[ERROR] 2026/01/31 22:35:22 Too many requests. Your client has been rate-limited. Try again in seconds
Note the blank where the number should be — there's no indication of how long to wait.
Observed Behavior
┌──────────────────┬────────────────────────────────────┐
│ Operation │ Result │
├──────────────────┼────────────────────────────────────┤
│ op whoami │ ✅ Works (authentication succeeds) │
├──────────────────┼────────────────────────────────────┤
│ op vault list │ ❌ Rate limited │
├──────────────────┼────────────────────────────────────┤
│ op inject │ ❌ Rate limited │
├──────────────────┼────────────────────────────────────┤
│ op read op://... │ ❌ Rate limited │
└──────────────────┴────────────────────────────────────┘
This indicates the rate limit is applied per-operation-type — authentication endpoints work fine, but any vault/item access is blocked.
Issues
1. Rate limit is extremely aggressive — ~15 requests over 10 minutes triggered a 15+ minute block. This is a typical debugging session, not abuse.
2. No backoff duration shown — The error says "Try again in seconds" but the actual number is missing. I have no idea if I should wait 1 minute or 1 hour.
3. No way to check status — There's no op rate-limit-status command or API to check current quota/reset time.
4. Service accounts should have higher limits — These are designed for automation and CI/CD where rapid retries during debugging are expected behavior.
5. Disproportionate impact — A brief debugging session can take down production services for an extended period with no recourse.
Expected Behavior
- Show the actual backoff duration in the error message
- Faster reset — 1-2 minutes, not 15+
- Higher thresholds for service accounts — differentiate from potential abuse patterns
- Rate limit status endpoint — let us query current quota and reset time
- Graduated response — warn before hard blocking, or use exponential backoff instead of a cliff
Workaround
Wait and hope. There's no way to know when access will be restored.
---
Request: Can someone from the 1Password team clarify the rate limit policy for service accounts and whether the blank duration in the error message is a known bug?
