Protect what matters – even after you're gone. Make a plan for your digital legacy today.
Request for feedback: DMNO 1Password integration - env var/configuration tooling
Hello! TL;DR - If you've ever wanted to use secrets from 1Password in your JavaScript/TypeScript project without the hassle of writing custom scripts then check out our 1Password Plugin. We launched DMNO early this year and we've been continuously expanding our list of plugins and integrations. We're particularly proud of the 1Password plugin because it makes it very easy to retrieve secrets stored in 1Password and use them in your applications with minimal code. In addition to using values stored in 1Password, our plugin gives you: Coercion and validation Leak detection and prevention Log redaction and domain allow/deny lists for individual items Flexible storage in 1Password, from a single .env style blob to individual items Full TypeScript features including detailed IntelliSense docs and autocomplete Drop-in integrations for Remix, Next.js, Astro, Vite, and Node.js Best of all, it's completely free and open source. We'd love for other 1Password users to try it out. If there's a feature you want, we can probably add it for you and your team.
Feature request - general encryption utilities
As a builder of dev tools dealing with sensitive data (see https://dmno.dev), sometimes I need to encrypt/decrypt arbitrary data in a local cache. Currently I have to store a key somewhere, which is usually a file sitting somewhere else on disk - obviously not that secure... It would be really cool if I could rely on the user's local 1Password app for that instead. I would imagine this would look like the CLI and SDK (eventually) providing arbitrary `encrypt` and `decrypt` methods, which interact with the user's local 1password application. The existing biometric auth and locl/unlock mechanisms would mean I'd get encryption without storing a key locally and so the user would have to periodically re-prove their identity.Env var loading and validation for 1Password (open source!)
If you are using 1Password to manage any dev/application secrets, you might be interested in our open source tool - https://varlock.dev We just released a new update that introduces a plugin system and our first plugin is for 1Password (of course) - see https://varlock.dev/plugins/1password/ Our tool lets you define a .env.schema file, which can contain decorator style comments to add additional metadata to your env. This is then used to do validation, generate types, etc. The tool also introduces a new function call syntax, and while you can talk to any external cli using the exec() function, the new 1Pass plugin also adds a new op() function which fetches items from 1Password. So how is this different from using `op run`? Uses the SDK and service account tokens for deployed environments, and (optionally) uses op CLI for local dev (with biometric auth via the desktop app) Adds validation and coercion Automatic type generation (right now just for TypeScript, more to come) Understands which items are sensitive, and adds leak detection when possible Supports loading multiple env-specific files (.env.local, .env.production, etc) Supports explicit imports to break up files however you like Drop in integrations for many frameworks You can also use Varlock alongside the new https://developer.1password.com/docs/environments/ by syncing your environment to a local file (such as `.env.local`) and varlock will automatically load those values, and apply its validation on top. Would love for y'all to take a look, and to hear what you think! Oh and please give us a ⭐ on GitHub @ https://github.com/dmno-dev/varlock --- An example .env.schema file using the new 1Password pluginIntroducing 1Password SDKs for Desktop Integrations
We’re excited to announce new authentication capabilities in the 1Password SDKs! Developers can now build integrations that authenticate directly through the 1Password desktop app using the same trusted methods users already know —Touch ID, their account password, or other supported options. 🏗️ What this unlocks: Native and seamless integrations: Build integrations that connect directly with the 1Password desktop app using the SDK. It’s a secure, native way to integrate with 1Password — no extra setup or dependencies required. Human-in-the-loop workflows: Enable user-scoped authentication in your integrations to support secure, approval-based workflows that keep users in control. Easy to build and adopt: Simplifies integration setup and makes authentication effortless for end users. Now available in public beta for macOS and Linux in the SDKs for Go, JavaScript, and Python. Video not displaying? Watch it here. 💬 Share feedback, get swag We’d love to hear how this feature performs in your integrations — is it reliable and easy to use in your workflows? What would you like to see next? 📖 Read the docs to get started 🧢 The first 10 developers to share feedback on the 1Password Developer Community Hub by November 30th will receive exclusive 1Password swag. Be sure to tag your post with #beta-sdk-desktop-integrations.
Feature Request: API Endpoints for 1Password Usage Reports
Today, it doesn't look possible to pull the usage reports via API. We have clients who request these reports, and having to login to each customer and manually pull the report from within the Admin portal can be very time consuming. Having the ability to pull these reports via API would speed up this process, and even allow us to schedule these reports.[new tool] varlock: schema-driven env vars
TL;DR: We've launched something new, it's called varlock. It's like DMNO but simpler and easier to get started. It's built on top of the .env files you're already using. It makes them safer to use and share. We'd love your feedback. >> 🧙♂️https://varlock.dev --- We've been heads down working on the next evolution of secrets and configuration tooling building on what we've learned so far creating DMNO. If you've used DMNO, varlock will feel familiar. But instead of writing schemas in TypeScript, we've created a lightweight DSL that sits on top of your .env files. We think this allows for much simpler onboarding (and offboarding!). And because it's all based on decorators in comments, it should play nice with your existing tools. For any tools that would like to make use of this new syntax, we've also created an open specification, we call it @env-spec, and there's an active RFC if you would like to get involved. >> RFC: https://github.com/dmno-dev/varlock/discussions/17 —- So why varlock? Varlock is a suite of tools built to improve the experience of working with environment variables, both in terms of security and developer experience. It provides: Validation - catch errors in development instead of production Type-safety - improved DX via detailed IntelliSense Security - secret redaction in stdout and global console methods Environments - Compose defaults, environment-specific .env files, and local git-ignored overrides Secrets - use any third party provider that has a CLI to load values What next? We're just getting started and we have big plans to expand the feature set of varlock. Coming soon you'll see: Local override encryption via a desktop app using biometrics Shared team vaults with trustless cloud storage GitHub App to track config changes with audit trails Deeper integration with providers like 1Password If you've read this far, thank you. Please check out varlock and let us know what you think by replying to this post, or joining us on Discord. Tools like this are only as good as the community that shapes them. >> 🧙♂️https://varlock.dev Thanks ✌️
SCIM Bridge
Why is the SCIM Bridge needed? If I already have to create an Enterprise Application in Azure, then the SCIM bridge really becomes an unnecessary and overcomplicated step. I should not have to register a new domain or spin up a separate VM just to get an integration to pull accounts automatically. As an MSP and reselling this to potentially 50 different organizations, this step becomes very time-consuming and wasteful.
Passkey algorithm support
Recently I began a passkey integration and I'm using 1password to test things out. There are a great deal of passkey algorithms that exist: https://www.iana.org/assignments/cose/cose.xhtml#algorithms Unfortunately it seems like if I remove all the "Recommended: No" and "Recommended: Deprecated" ones, I am unable to get 1password to generate a passkey. It gives me a somewhat opaque "1password encountered a problem" in the passkey dialogue after I click Save, and it seems to fall back to the browser which prompts me for a security key. I see this in the console log: PortOpener: passkey-save-prompt/XXXXXX received error: "create-passkey-failed" The algorithms I chose in order to be more secure based on the recommendations on that page and what I'm able to support in my server: PS384 PS512 RS256 RS384 RS512 The "deprecated" algorithm I added to make the error go away, and allow 1password to correctly function: ES256 Is there anywhere to find the full list of passkey algorithms 1password supports so I can try to come up with a good list to use on the server-side? Ideally it wouldn't contain deprecated ones.
