Introducing: Desktop auth for SDKs & 1Password Environments access for CLI, SDK & Service accounts

Today, we're introducing two new features to help developers get secrets to the right place at the right time, without sprinkling them across files, repos, and build logs.

Programmatically read 1Password Environments (read‑only, now in beta)

If you store project environment variables in 1Password Environments, you can now read them at runtime via the 1Password CLI and SDKs. That means tools can pull secrets when they’re needed, instead of maintaining .env files or managing long‑lived secret syncs.

A few places this shines:

CI/CD workflows: Retrieve and inject .env variables during builds using a service account.
Containers/Kubernetes: Apps read connection strings at startup.
Local + AI-assisted tooling: Scripts/Make targets fetch tokens on demand while keeping secrets out of the model context.

Video not displaying? Watch it here.

Desktop authentication for 1Password SDKs

Fresh out of beta, SDK integrations can now authenticate through the 1Password desktop app with a biometric/password prompt. Sessions inherit the signed‑in user’s access and time out after 10 minutes of inactivity (or when 1Password locks).

This unlocks higher‑impact workflows, including full vault management (create/read/update/delete/list), managing vault permissions, and batch item operations for teams operating at scale.