Protect what matters – even after you're gone. Make a plan for your digital legacy today.
Frustrations with .env File Handling and Environments in 1Password
To whom it may concern, I just tried to add some basic .env files to 1Password and was honestly surprised at how difficult and unsatisfying the experience was. I’ve always considered 1Password a premium, polished product, and I’ve really enjoyed using it so far. But in this case, the lack of functionality is pretty disappointing. I know you recently launched the Environments beta, which seems like a step in the right direction, but it’s clearly not fully fleshed out. Most programming projects of mine include multiple environment files, not just one. Some values in these files are sensitive, and others aren’t, so we should be able to choose which fields are masked (as passwords) and which are shown normally. Importing and exporting environment files should also be seamless, currently, it’s anything but. But the biggest issue with Environments right now is that they apparently don’t belong to vaults. That means I can’t share them with coworkers, which makes them basically useless for team projects. What’s the point of having them at all if they can’t be shared? So I tried workarounds: First, I attempted to store the variables in a secure note. While you can manually add fields, that’s clunky and time-consuming. Then I tried uploading the .env file to the note, but on macOS, the file picker doesn’t show hidden files, and apparently there’s no way to make it do so. This made it impossible to upload the file with its original name, a really basic oversight, and one that shouldn’t exist in a premium product. Next, I tried using a Document item. At least the drag-and-drop upload worked (unlike Secure Notes), but now I’m locked into a document type that only allows a single file. That’s just not workable when a project has multiple secret environment files. Even worse, if I want to replace the file, the drag-and-drop UI disappears entirely, so I can’t upload a hidden file again. I’d have to delete the entire document and start over. That’s absurd. I genuinely respect the work you’ve done on 1Password; it’s one of the few tools I’ve used that felt reliable and trustworthy out of the box. But these gaps in functionality around something as basic as handling environment files are frustrating. And for a product at this price point, I expect this sort of workflow to just work. It’s hard to believe these limitations haven’t already been addressed. On top of that, it was surprisingly difficult to even find a proper way to give feedback like this. That feels like a mistake, if users can’t easily tell you where the product falls short, you miss the chance to improve it. Anyway, I needed to get this off my chest. I hope this feedback is helpful, and that we’ll see improvements to these features soon. Best regards, Joël Grosjean.env files should support more file formats
Hey, I was incredibly excited to see the 1Password beta supporting .env files. After testing it out in the latest beta, I understand that this is incredibly useful for environments that support traditional .env files. However, as someone working with building mobile apps, specifically for iOS, I was hoping that the new feature was a tad more flexible, enabling me to use it in .swift files. Specifically, I was hoping that the new feature would replace references to secrets in existing files rather than creating a new (temporary) file. If it were replacing references in existing files, we could use the .env support in 1Password's Environment with any file template. I understand the downsides to this, but in the mobile landscape it's not uncommon to hardcode select secrets in the binary and even when doing so, we'd like to keep those secrets out of version control. Therefore, we have .swift template files that look like this: enum Secrets { enum SomeService { static var apiKey: String { "{{ op://Acme GitHub Actions/Some Service API Key/API Key }}" } } } These files are named Secrets.tpl.swift and are stored in version control. We use `op inject` to inject the secrets into these files and output them as Secrets.swift, so they're referenced at compile time. Secrets.swift is not checked into version control, of course. I was hoping that we could mount Secrets.tpl.swift or similar in 1Password Environments to have it handle the secrets for us, as .env files aren't really a thing in iOS development. I'm excited to use 1Password Environments with the new .env files in backend development, but I hope you'll consider making it more flexible, so it can accommodate more platforms too. Best regards, Simon B. StøvringAPI key storage
In the new "Developer" tools, I'd love to see proper API key storage. Honestly a lot of this can be accomplished with standard 1Password tools but I want to keep passwords separate from API keys whether by category or just plain feature separation into developer tools. It would be great if the browser extension could differentiate between an API key / token and a password. Even if it can't it would be great to have an option to specify API vs password. One key difference between passwords and API keys is that on one site you generally have a single login/password but with API keys you have one site and many keys usually with key/value pairs. -- Example -- Type: API Site: Anthropic URL: console.anthropic.com Key name: Project A Key value: [32bit key value] Key name: Project B Key value: [32bit key value] Key name: Project C Key value: [32bit key value] --- \ Example --- Again, I understand you can make this work with existing passwords but API keys should be treated differently and have their own feature space. This is a good feature for developers, and when evaluating a 1password for Business feature space an IT admin has to deal with a lot of API keys and it would be good to store them securely and easily be able to identify which API keys they may need to rotate. API keys could also be worked into Watchtower as API keys that have been leaked or exposed in data breaches. API keys are not just used within .env files, it could be website and even AI desktop tools like MCP server settings.
Password generator when exporting ssh keys
It would be nice to integrate the password generator when exporting ssh keys to create a random passphrase saved in the key entry in 1Password. The workflow for this is clunky currently as I create a new password field in the entry with a randomly generated password and then use that as the passphrase when exporting the key. Now, when the key is exported 1 password saves an entry of the passphrase used to export the key. Now I’ve got two entries for the same phrase. it would be a much simpler flow if the passphrase could be randomly generated inside the export key dialogue instead.
Environments feature request: Add notes to variables & insert them as comments in the final .env
Hey folks! I'm really liking the Environments Beta, but one thing I'm missing is the ability to keep the comments I had in my old manual `.env` file. For example I have an API key that has no indication of which actual account it's for, so it would be really nice to be able to add this as a note in 1Password and have it end up in the resulting .env file. So in this example, the "API_KEY" variable would have a note attached in 1Password that said "Associated account is frobulator@example.com" and the resulting .env file would look like this: $ cat .env # This file was generated by 1Password. Any manual edits will be lost. # For more information, visit: https://developer.1password.com/docs/environments/local-env-file BASE_URL=https://prod.example.com # Associated account is frobulator@example.com API_KEY=uophfpanfphbofsgfoibCVHDFBahpis
1Password Environments Beta is awesome
Just wanted to drop some feedback after playing around with the new Environments Beta in 1Password. Honestly, I’m loving it so far. The local .env file mounting is just brilliant. Secrets are easy to access without having to run extra commands, but still secure – exactly what I want. Makes switching between machines seamless, too. A couple of things I’d really like to see next: 1. CLI Integration - being able to create/edit/list environments and variables from the terminal would make this so much more useful, right now, having to click around in the desktop app is a bit of a pain for dev workflows. 2. More integrations: AWS Secrets Manager is a great start, but would love to see GCP and other major providers such as GitHub, etc. A plugin system for integrations would be awesome also to help cover more niche players like Modal.com Overall, this is a huge step in the right direction for 1Password. Can’t wait to see where this goes next!
Mark environment variable value as optional
Hey community! The Environments feature came into a very fitting point for our team’s new project. We’re currently experimenting with it in order to replace the .env.template file conventionally used to denote the list of variables needed in a local dev env. There’s a small issue however (very similar use case to Tillman’s). Not all developers need all variables, and additionally there are variables that are personal to each user. So, after short experimentation we thought of the following suggestion: What if, alongside the key/value pairs that are persisted in the .env file (common for all users that have access to the .env file), there was a different entry type whose value wasn’t synced to the upstream? This way, 1. all users with access to the .env file would always have the up-to-date list of all variables used in the project, but 2. would be able to leave some values empty and let the code decide how to handle this case, and 3. would be able to add personal values (eg. API keys even via secret references) without leaking them to the rest of the users. What do you think?
Fingerprint sensor support on remote systems?
Hello, maybe I missed something. Hence, I am asking before buying a new Mac Keyboard with sensor ... I use 1Password for: local stuff on my Mac on remote systems over ssh Visual Studio Code (VSC) remote over ssh VSC Docker devcontainers on remote Linux systems (In VSC open a folder on a remote system, open the project folder in docker devcontainers) Typing in the vault password is a cumbersome thing, when done too often, and restarting and rebuilding the containers, are new shells / terminals requesting entering the 1Password vault password often. Hence, I am looking for a way to make this simpler and hoped for support of the fingerprint sensor on remote systems.
CLI access for team members in a read only mode
Hi, i've been wondering if there is an option to create a group in your Team where you give users the option to use cli with limited access to only let it do non changing things like reading secrets/variables as from my understanding so far cli access mostly came allong with the permission to manage things. Is there any way to do that currently as otherwise i wouldnt really know how to do that. Kind regards, -kiru
