Protect what matters – even after you're gone. Make a plan for your digital legacy today.
1Password Environments issue with VSCode and Claude Code Extension
I've noticed a curious issue in testing 1Password Environments in a repository where I'm editing with VSCode and using the Claude Code extension in VSCode. Since enabling 1P Environments, I've noticed that the Source Control sidebar gets stuck refreshing Git Status, and Claude Code slows or stalls. Running Claude Code outside of VSCode works fine (as does using Git in Terminal, and so I wonder if this is a VSCode issue? I have the VSCode 1Password extension, as well as the Claude Code for VSCode extension, among others. Happy to provide other details if you can let me know what would help.1Password Environments - Vite workaround
Hi all, We have received some feedback that people are having trouble with 1Password Environments and using Vite. While we polish of a fix, here is a workaround you can use. Create an entry in your vite.config.ts to ignore the .env files so that it stops constantly trying to reach from the file. (and restarting). import { defineConfig } from 'vite' export default defineConfig({ server: { watch: { ignored: ['**/.env', '**/.env.*'] } } }) Thanks for the feedback and keep it coming! Phil & Team!1Password keeps updating .env file
1Password Environment is really cool! I'm excited to use it. But I'm running into a problem: 1Password keeps updating the mounted .env file, even when the content hasn't changed. This causes our development server (Vite) to constantly detect file changes and restart.
Automated bi-directional sync between 1Password and AWS Secrets Manager — is this actually possible?
Hey everyone, SRE at a small startup here. We've been using 1Password for a while and overall love it, but we're running into a friction point with our AWS setup that I'm hoping someone has solved. What we're trying to achieve: We want a proper bidirectional sync between 1Password vaults and AWS Secrets Manager. Specifically: 1Password → AWS SM: When someone on the team updates a credential in 1Password, it should automatically propagate to AWS Secrets Manager so our workloads pick it up without anyone having to manually copy-paste things. AWS SM → 1Password: We use AWS Secrets Manager's native auto-rotation for some credentials (RDS passwords, API keys, etc.). When AWS rotates a secret automatically, we'd want that updated value to flow back into 1Password so our employees can always go to 1Password as the single source of truth and get the current credential. On the new "Environments" feature (beta): We noticed the new Environments feature and got excited — it looked like exactly what we needed. But after digging in, it seems pretty limited right now. From what we can tell: There's no SDK support for managing environments programmatically There's no CLI support either (`op` doesn't seem to have environment management commands yet) Everything has to be done through the UI wizard This makes it really hard to automate. We provision new environments dynamically as part of our infrastructure-as-code workflows (Terraform), so we need to be able to create and configure environments programmatically. Is this on the roadmap? Are there any workarounds people are using? The SAML IdP requirement in Environments: Related to the above — the Environments setup wizard seems to require a SAML Identity Provider to be configured for each environment. We use Azure Entra ID as our IdP (federated through AWS Cognito), and we have a single IdP setup that covers all our environments. Is it actually required to have a separate SAML IdP per environment, or is there a way to reuse a single IdP across multiple environments? The wizard flow makes it seem like each environment needs its own IdP configuration, which would be a significant blocker for us — we can't dynamically spin up new IdP configurations every time someone creates a new environment in our platform. If this is a hard requirement, it basically rules out Environments for our use case entirely, since we'd need to automate IdP provisioning as part of environment creation, which is a whole other can of worms. Summary of questions: Has anyone built a reliable bidirectional 1Password ↔ AWS Secrets Manager sync? Especially the AWS SM → 1Password direction for auto-rotated secrets? Is there any programmatic/API access for Environments (SDK, CLI, REST API) that isn't documented yet, or is it genuinely UI-only right now? Is a separate SAML IdP per environment actually required, or can you reuse one IdP across environments? Thanks!1Password CLI Bug Report: Service Account Cannot Read Environments
Summary op environment read and op run --environment return "Environment was not found" when authenticated with a Service Account that has Read access to the Environment. Desktop app authentication works correctly with the same Environment ID. Environment op CLI version: 2.33.0-beta.02 OS: macOS 15.3 (arm64) 1Password Desktop App: 8.12.2 Account type: Individual (my.1password.com) Steps to Reproduce Create a 1Password Environment "AI Agent" with variables (e.g., BRAVE_API_KEY) Create a Service Account "Ghossty" with: Vaults: Dev (Read) Environments: AI Agent (Read) Export the Service Account token: export OP_SERVICE_ACCOUNT_TOKEN="<token>" Run: /usr/local/bin/op environment read <environment-id> Expected Result BRAVE_API_KEY=<value> GITHUB_PAT=<value> Actual Result [ERROR] 2026/02/18 18:41:55 bad input passed by the user: Environment was not found Workaround Confirmation Desktop app authentication works correctly with the same Environment ID: OP_SERVICE_ACCOUNT_TOKEN= /usr/local/bin/op environment read <environment-id> # Output: # GITHUB_PAT=[REDACTED:github-fine-grained-pat] # BRAVE_API_KEY=[REDACTED:api-key] Additional Context op whoami confirms the Service Account is authenticated: URL: https://my.1password.com User Type: SERVICE_ACCOUNT The Service Account was created on 2026-02-18 (after Environments beta was available) The SA has confirmed Read access to the Environment in the 1Password app UI op run --environment <id> -- printenv also fails with the same error Vault access works fine with the same SA (op item list --vault Dev succeeds) Impact Cannot use the official headless/automated approach for loading Environment variables in shell startup scripts. Forced to use desktop app authentication which requires biometric confirmation on every invocation..env files should support more file formats
Hey, I was incredibly excited to see the 1Password beta supporting .env files. After testing it out in the latest beta, I understand that this is incredibly useful for environments that support traditional .env files. However, as someone working with building mobile apps, specifically for iOS, I was hoping that the new feature was a tad more flexible, enabling me to use it in .swift files. Specifically, I was hoping that the new feature would replace references to secrets in existing files rather than creating a new (temporary) file. If it were replacing references in existing files, we could use the .env support in 1Password's Environment with any file template. I understand the downsides to this, but in the mobile landscape it's not uncommon to hardcode select secrets in the binary and even when doing so, we'd like to keep those secrets out of version control. Therefore, we have .swift template files that look like this: enum Secrets { enum SomeService { static var apiKey: String { "{{ op://Acme GitHub Actions/Some Service API Key/API Key }}" } } } These files are named Secrets.tpl.swift and are stored in version control. We use `op inject` to inject the secrets into these files and output them as Secrets.swift, so they're referenced at compile time. Secrets.swift is not checked into version control, of course. I was hoping that we could mount Secrets.tpl.swift or similar in 1Password Environments to have it handle the secrets for us, as .env files aren't really a thing in iOS development. I'm excited to use 1Password Environments with the new .env files in backend development, but I hope you'll consider making it more flexible, so it can accommodate more platforms too. Best regards, Simon B. Støvring
Service account creation missing
I deleted a service account in my 1Password settings because I needed to recreate a new one. However after I deleted it, the entire service account section disappeared for some reason and I'm not sure why. I've logged out and back in with no change. It used to show up to the left before Environments tab but now it's gone. Help?
Using environments feature in Gitlab CI
Hi there, As a 1password user within a tech team, I'm interested in using new Environment feature: https://developer.1password.com/docs/environments/ It seems to be really interesting but I have one question. Would it be possible to retrieve a .env file stored onto Environment section from a Gitlab CI job thanks to any 1password SDK (or any other solution) ? Is there a way to achieve this kind of task ? Thanks anyway for your amazing work. Best
