Loading 1Password credentials inside a Docker Container from an Environment.

What you’re trying to do is actually a pretty normal setup, and you’re on the right track with op run. The cleanest approach with 1Password is to inject secrets only at runtime instead of baking them into the image or exporting them on the host. So instead of storing anything long-term, you just wrap the container start command: op run -- docker run your-image That way, 1Password provides the secrets only while the process is running, and once the container stops, nothing is left behind in the environment. Another simple option is to make it part of your entry command in Docker so it always runs through op run, and your app just reads normal environment variables like it normally would. The main thing to avoid is putting secrets into the Dockerfile or static .env files, because that defeats the purpose of using 1Password in the first place. For a basic Docker setup, op run is usually the simplest and most practical solution without adding extra infrastructure.