Protect what matters – even after you're gone. Make a plan for your digital legacy today.
Events API
We need to track events occurring in 1password. I have enabled the Events API integration. If I run the CURL command: curl --request POST \ --url https://events.1password.com/api/v2/auditevents \ --header 'Authorization: Bearer <mytoken>' \ --header 'Content-Type: application/json' \ --data '{ "limit":1, "start_time": "2026-01-01T00:00:00Z" }' Being a windows shop, we prefer to use powershell for API requests. If I repackage the above into the following script, I continually get "Bad Request" $tok="<my token>" $header=@{ Authorization = "Bearer $($tok)" 'Content-Type'='application/json' } $data=@{ limit=100 'start_time'= '01-01-2026T00:00:00Z' } $url="https://events.1password.com/api/v2/auditevents" $response=Invoke-WebRequest -Uri $url -headers $header -Method post -Body $data -Authentication $response I cannot figure out the issue. Any ideas?
Feature Request: Disable SSH Agent via macOS Menu Bar
It would be great to add an option 'Disable SSH Agent' to the 1Password Menu Bar Item on macOS. There's already an option to 'Disable Snippet Expansion' which is helpful. The 'Disable SSH Agent' would work the same. This would be helpful in scenarios where you are connecting to a system via SSH that doesn't have any of your 1Password-managed SSH keys. When I have the agent enabled, I often get `Too many authentication failures` for those systems. The ability to quickly disable and re-enable afterwards would be helpful. The current solution is to open the app, go to Settings > Developer, and toggle it there - which is cumbersome: To avoid confusing non-developer users with the option, it could only show up when the 1Password Developer experience was activated, or when the SSH Agent was enabled at least once. Thanks!
SCIM bridge deployment on Azure with private endpoint
Hi, I have setup a 1Password SCIM bridge successfully on Azure using the json template aca-op-scim-bridge-template.json. What I noticed is that the SCIM bridge is using a public URL which is also used with the Entra integration. Azure SCIM service is using the public URL and a bearer token to make connection to the 1Password SCIM bridge. I do see that it is possible to setup IP restriction on the URL but the problem is that the Azure SCIM service is using changing IP's. My first thought is using a private endpoint on the SCIM bridge and disallow public access. Does anyone already realized that? Is there a template for? Or am I thinking to difficult? Thanks in advance, Wim
SCIM Bridge Fails Sync
We're running SCIM Bridge 2.9.9 and the only method to achieve a successful sync and subsequent provisioning of accounts, is by logging into the Bridge and manually executing the "Sync Groups" function. All 5 status indicators in the Bridge are green and state "Connected", the Google Workspace User Provisioning integration within our 1Password console reflects "Good" health, successful connection with the bridge, and Provisioning users and groups is enabled. There is an error in the SCIM log about a certificate, but it does not prohibit a successful sync with the "Sync Groups" groups function in the bridge. Log snippet with IP Address redacted: "certificate is not allowed for server name xxx.xxx.xxx.xxx: certificate for 'xxx.xxx.xxx.xxx' is not managed","domain":"xxx.xxx.xxx.xxx","time":"2025-04-11T00:05:55Z","message":"certificate manager error while getting certificate" There are no other errors in the log. Please advise🔊 Securing Cursor agentic development with 1Password Environments
Today we announced a new integration between 1Password and Cursor that helps reduce credential exposure during AI-assisted development. With the new 1Password Environments Hook Script for Cursor, teams can use 1Password Environments to make required secrets securely available to Cursor workflows, only when authorized and only when needed during development. The Hook Script validates that the correct environment setup is in place, while 1Password remains the secure source of truth for secrets, tokens, and credentials referenced by your project’s .env configuration. Secrets are made available at runtime via 1Password, governed by the same vaults, policies, and permissions your team already relies on. How it works (high level) When a Cursor agent needs to run a command or perform an action that requires access to API keys, tokens or credentials: Before Cursor runs any shell commands, the 1Password Environments Hook Script is invoked. The script verifies that required locally mounted .env files from 1Password Environments are present and available. If everything checks out, the script allows the command to run. If not, it returns context specific instructions for how to fix the setup. When a process requests access, 1Password prompts you to authorize and then makes the required secret available in memory for the runtime session. Get started If you’re experimenting with Cursor or rolling out AI-assisted development workflows across your team or organization, this integration gives you a safer way to enable agents to assist your developers. Read the full announcement: “Bringing secure, just-in-time secrets to Cursor with 1Password” Explore the 1Password Environments documentation for Cursor Hooks Learn more about Cursor Hooks for security and platforms teams Questions, feedback, or early learnings? Reply here, we’d love to hear what you build.
WSL2 + 1Password CLI
I have a WSL2 system set up with NixOS where I used to be able to use shell plugins (primarily the `gh` tool for GitHub) - but today it is not working, throwing an error message: [ERROR] 2025/12/27 22:35:25 Shell Plugins can only be used with the 1Password app integration enabled. To learn more about this feature, check out: https://developer.1password.com/docs/cli/about-biometric-unlock/ This used to work - but unfortunately I don't know exactly _when_ it stopped working, I use the VM sporadically. Config: $ op plugin inspect ? Choose which CLI configuration to inspect: gh (GitHub) GitHub CLI Configured Aliases ✔ Alias for "gh" configured ✔ Aliases sourced (/home/gac/.config/op/plugins.sh) Configured Credentials ✔ Configured as global default: CREDENTIAL TYPE ITEM VAULT GitHub Personal Access Token GitHub Personal Access Token Private Versions: $ uname -a Linux wsl 6.6.87.2-microsoft-standard-WSL2 #1 SMP PREEMPT_DYNAMIC Thu Jun 5 18:30:46 UTC 2025 x86_64 GNU/Linux $ nixos-version 25.11.20251226.f560cce (Xantusia) $ op --version 2.32.0 $ wsl.exe --version WSL version: 2.6.3.0 Kernel version: 6.6.87.2-1 WSLg version: 1.0.71 MSRDC version: 1.2.6353 Direct3D version: 1.611.1-81528511 DXCore version: 10.0.26100.1-240331-1435.ge-release Windows version: 10.0.26200.7462 If biometric login is a hard requirement then this is problematic to say the least as this is a desktop - there is no Windows Hello and no biometric capability. The documentation page does redirect to a different page about app integration, however this seems to only cover common use cases such as "I am using Windows and I want access to 1Password from Powershell" or "I have macOS and want access from the native terminal with `bash`/`zsh`". There doesn't seem to be any advice for running within a WSL2 virtual machine where 1Password is running _outside_ of the VM and I need access for shell plugins _inside_ the VM... Any tips or advice?Unofficial 1Password SDK for Rust
For some small projects I wanted to use a secure way of handling secrets in my backend code, without taking out the big guns and adding a ton of infrastructure overhead (e.g: Azure Key Vault). After some "research" and diving into the op cli options and official Python, Javascript and Go SDKs, I thought I could probably build a simple wrapper around the core SDK library used in the Python SDK. After some trial implementations across multiple rust projects I thought it would be a nice addition to 1passwords ecosystem. If you're interested using the SDK head over to the github page at: https://github.com/Trendium-Labs/corteq-onepassword Curious about the security and inner workings? it's documented at https://github.com/Trendium-Labs/corteq-onepassword/blob/main/docs/ARCHITECTURE.md Please share your feedback, thoughts and use cases to improve this unofficial SDK. Ps:1P_Phil and team have been notified to see if and how to take this unofficial approach forward. Happy holidays! BrianCustom aliases and OpenSSH fields for SSH Bookmarks
SSH bookmarks is a great feature - one I was intending on building myself until I found 1Password's docs for it. However, it is missing a couple important features for me to be truly happy with it. I setup aliases for my common SSH hosts, and would like to be able to add these into 1Password. In particular, I want to be able to set custom names for each bookmark. For instance, I SSH to my university's servers typically with `ssh unsw`, not the far longer `ssh zXXXXXXX@loginX.cse.unsw.edu.au`, which is what the bookmark matches on. In addition, some of these bookmarks are for trusted hosts, where I want to enable `ForwardAgent yes` or similar additional OpenSSH options, and being able to use bookmarks to set these across my devices would be extremely helpful. Currently, I have a config file local to each computer that contains something like the following for each host: Host unsw User zXXXXXXX HostName loginX.cse.unsw.edu.au ForwardAgent yes CanonicalizeHostname yes This converts `unsw` to the long form user and host that is matched by the bookmark config. Ideally, these could all be configured via 1Password. A generic syntax for custom OpenSSH options would also solve other missing properties mentioned by others on this forum (e.g. ports).
SSH Bookmarks don't support Port Numbers
It's fairly common to run SSH on non-standard ports. But it appears 1Password does not support this. Per https://developer.1password.com/docs/ssh/bookmarks/ for IPv6 you would use `ssh://user@2001:DB8:a8b0:5678::200c` which is a problem because ports are usually specified with a : as well. The URL standard is to use brackets, so `ssh://user@[2001:DB8:a8b0:5678::200c]:2222` would be the syntax which makes the most sense. Could this support be added to 1Password?
