Protect what matters – even after you're gone. Make a plan for your digital legacy today.
Introducing new .env file support in 1Password
Today, we’re introducing a first-of-its-kind feature available in the 1Password Desktop app. With the new local .env file destination in 1Password Environments, you can securely use and share .env files across your team, without rewriting how your app loads credentials. Here’s why it matters: Zero plaintext secrets on disk: Secrets are loaded into applications on demand. You can’t accidentally commit them. No cumbersome sharing of secrets: Teammates get instant access - no DMs or copying secrets. Built for teams: Version history, access control, and automatic updates - all in one place. Offline access: No more internet connection required to load secrets from 1Password. Secrets are sourced directly from the desktop app's local cache. Now available in beta on Mac and Linux. Interested to see it in action? Watch the demo video below. Video not displaying? Watch it here. 💬 Share feedback, get swag We want your input on what to build next: CI/CD integrations? Docker support? Something else? 📖 Read the docs to get started 👉 Join the discussion in the 1Password Developer Community 🧢 The first 10 developers to start a discussion on the 1Password Developer Community Hub to share feedback by October 31st will get exclusive 1Password swag. Be sure to tag your post with beta-environments.
New Environments (beta) feature doesn't work with travel mode on
The way I use 1Password, I end up working with Travel Mode enabled about 99.9% of the time, as I don’t want all my vaults syncing across all my devices. Recently, I was testing Environments, and I noticed that whenever Travel Mode is enabled, all of my environments disappear. Is there a specific reason this happens? I would really like to use Environments with Travel Mode both on and off. If there is a security concern, I’d love it if this were optional on a per-item basis, allowing each item to be available, or not, when Travel Mode is enabled.Environments in Production via 1Password Connect Servers
I love Environments in my local development, it makes things an absolute breeze! Now for the inevitable stretch goal: I'd love to have something similar for my production setup using 1Password Connect Servers. Perhaps a thin client that can be part of a Docker stack, which can reach out to the Connect Server and provision an ephemeral environment file on the production server. Preferably in multiple formats (.env, YAML, TOML, JSON etc.)
Environments with custom text file
So nice, I discovered the feature as I was about to develop a custom solution around 1Password CLI! Mounting a file is definitely the best path forward to get people to migrate to proper secrets management for local dev. Got some issues when used for the `.dev.vars` of a Cloudflare Worker project, but I'd bet that's a bug in `@cloudflare/vite-plugin`. What would be really awesome is to be able to have arbitrary text file stored securely in 1P and mounted at their destination. While the `.env` format covers most of our uses cases, we do have secrets in other formats like json files and a few other. this could be helpful for secrets in code source as well this would also help with people wanting to preserve their original .env formattingCannot find "Destinations" tab for mounting secrets to local .env files
I am trying to use the feature "Access secrets from 1Password through local .env files" but I cannot find the "Destinations" tab. What I have done: Enabled "Show 1Password Developer experience" in Settings > Developer Enabled "Record and display activity" I can see and use the AWS Secrets Manager integration What I expected: According to the documentation, there should be a "Destinations" tab that allows me to mount secrets to a local .env file. What I see: The "Destinations" tab does not appear anywhere in the interface. I only see the AWS Secrets Manager integration option. Environment: 1Password version: Latest OS: Windows Account type: Individual Could you please help me understand how to access the Destinations feature, or let me know if this feature has been moved or deprecated? Thank you..env files should support more file formats
Hey, I was incredibly excited to see the 1Password beta supporting .env files. After testing it out in the latest beta, I understand that this is incredibly useful for environments that support traditional .env files. However, as someone working with building mobile apps, specifically for iOS, I was hoping that the new feature was a tad more flexible, enabling me to use it in .swift files. Specifically, I was hoping that the new feature would replace references to secrets in existing files rather than creating a new (temporary) file. If it were replacing references in existing files, we could use the .env support in 1Password's Environment with any file template. I understand the downsides to this, but in the mobile landscape it's not uncommon to hardcode select secrets in the binary and even when doing so, we'd like to keep those secrets out of version control. Therefore, we have .swift template files that look like this: enum Secrets { enum SomeService { static var apiKey: String { "{{ op://Acme GitHub Actions/Some Service API Key/API Key }}" } } } These files are named Secrets.tpl.swift and are stored in version control. We use `op inject` to inject the secrets into these files and output them as Secrets.swift, so they're referenced at compile time. Secrets.swift is not checked into version control, of course. I was hoping that we could mount Secrets.tpl.swift or similar in 1Password Environments to have it handle the secrets for us, as .env files aren't really a thing in iOS development. I'm excited to use 1Password Environments with the new .env files in backend development, but I hope you'll consider making it more flexible, so it can accommodate more platforms too. Best regards, Simon B. Støvring
Environments: Feedback
Today I tried fiddling with Environments beta feature on 1Password and wanted to leave some feedback. Background: We currently use AWS secrets for managing 200+ secrets in our application, but due to the lack of backups/redundancy I started looking at alternatives and considering we already heavily use 1P, I thought I'd give Environments a go. Generally speaking I love it. It is precisely what we need, however a few things came up along the way which I would like to share: [P0] The UI needs improvements (and probably soon). There's no sorting nor searching for variables, making it very diffcult to find stuff when you have 100s of variables. — on web variables don't show up at all. [P1] The AWS integration errors when the secret already exists. This made things a bit awkward for us, considering we manage our infra via Pulumi and we couldn't "create" the secret via Pulumi (had to do some hack to get around this). — this can become important if one wants to give 1P AWS role a very strict access (just the managed secret, not a wildcard policy as suggested in the docs). [P2] Ideally would be awesome to have a pulumi provider and fully manage Environments via pulumi (only the setup, not the variables). [P1] There is share with individuals but no share with "a team of people". Thanks again and keep up the good work. 🙌Environments: Feedback
Today I tried fiddling with Environments beta feature on 1Password and wanted to leave some feedback. Background: We currently use AWS secrets for managing 200+ secrets in our application, but due to the lack of backups/redundancy I started looking at alternatives and considering we already heavily use 1P, I thought I'd give Environments a go. Generally speaking I love it. It is precisely what we need, however a few things came up along the way which I would like to share: [P0] The UI needs improvements (and probably soon). There's no sorting nor searching for variables, making it very diffcult to find stuff when you have 100s of variables. — on web variables don't show up at all. [P1] The AWS integration errors when the secret already exists. This made things a bit awkward for us, considering we manage our infra via Pulumi and we couldn't "create" the secret via Pulumi (had to do some hack to get around this). — this can become important if one wants to give 1P AWS role a very strict access (just the managed secret, not a wildcard policy as suggested in the docs). [P2] Ideally would be awesome to have a pulumi provider and fully manage Environments via pulumi (only the setup, not the variables). [P1] There is share with individuals but no share with "a team of people". Thanks again and keep up the good work. 🙌Env var loading and validation for 1Password (open source!)
If you are using 1Password to manage any dev/application secrets, you might be interested in our open source tool - https://varlock.dev We just released a new update that introduces a plugin system and our first plugin is for 1Password (of course) - see https://varlock.dev/plugins/1password/ Our tool lets you define a .env.schema file, which can contain decorator style comments to add additional metadata to your env. This is then used to do validation, generate types, etc. The tool also introduces a new function call syntax, and while you can talk to any external cli using the exec() function, the new 1Pass plugin also adds a new op() function which fetches items from 1Password. So how is this different from using `op run`? Uses the SDK and service account tokens for deployed environments, and (optionally) uses op CLI for local dev (with biometric auth via the desktop app) Adds validation and coercion Automatic type generation (right now just for TypeScript, more to come) Understands which items are sensitive, and adds leak detection when possible Supports loading multiple env-specific files (.env.local, .env.production, etc) Supports explicit imports to break up files however you like Drop in integrations for many frameworks You can also use Varlock alongside the new https://developer.1password.com/docs/environments/ by syncing your environment to a local file (such as `.env.local`) and varlock will automatically load those values, and apply its validation on top. Would love for y'all to take a look, and to hear what you think! Oh and please give us a ⭐ on GitHub @ https://github.com/dmno-dev/varlock --- An example .env.schema file using the new 1Password plugin
