Moltbot Agent Secrets & Access Management

Question

So the 1Password blog has a new post&nbsp;https://1password.com/blog/its-moltbot&nbsp;by Jason Meller about the new AI Agent hotness, Moltbot. In it he discusses how AI Agent access management should work, and the dangers of keeping keys in plaintext.It reads mostly as a theoretical treatise of how things should work in an ideal world. But it's unclear how much of what he talks about is actually possible currently. I know 1Password has some sort of Enterprise Agent access management features they're working on, but I'm not familiar with that side of things, and am uncertain if or how those would apply to a local personal project like Moltbot.How can we best use 1Password for managing Moltbot's access to secrets? Is it something possible with current features, and you just need to improve documentation to make it clear for this use case? Do you need to add additional functionality to 1Password to make it work? Do you need to contribute to the Moltbot project itself to add the integration? Is that something you're planning on doing?

thecatfix · Answer

I just read that post and started laughing hysterically. The lack of details for solutions is ridiculous. The entire service account workflow is similar to a clown running thru a minefield. (clown shoes are huge). Don’t export token. Put it in systemd credential and encrypt the op.token AND MOST IMPORTANTLY

SETUP A SEPARATE VAULT FOR THE CLAWDBOT THAT HAS ACCESS TO TOKENS FOR THE GATEWAY SERVICE

if u give it access to all your vaults then u are playing with fire

Forum Discussion

Moltbot Agent Secrets & Access Management

1 Reply

Featured discussions

Meet the 1Password team at KubeCon Europe

Recent discussions

1password locks within 10 seconds on High Performance or Dynamic resolution screen share on macOS

Multiple account support in op run

Concatenate password with OTP

op CLI hangs on macOS Tahoe

How do I use the SSH agent in headless Linux?