Protect what matters – even after you're gone. Make a plan for your digital legacy today.
Frustrations with .env File Handling and Environments in 1Password
To whom it may concern, I just tried to add some basic .env files to 1Password and was honestly surprised at how difficult and unsatisfying the experience was. I’ve always considered 1Password a premium, polished product, and I’ve really enjoyed using it so far. But in this case, the lack of functionality is pretty disappointing. I know you recently launched the Environments beta, which seems like a step in the right direction, but it’s clearly not fully fleshed out. Most programming projects of mine include multiple environment files, not just one. Some values in these files are sensitive, and others aren’t, so we should be able to choose which fields are masked (as passwords) and which are shown normally. Importing and exporting environment files should also be seamless, currently, it’s anything but. But the biggest issue with Environments right now is that they apparently don’t belong to vaults. That means I can’t share them with coworkers, which makes them basically useless for team projects. What’s the point of having them at all if they can’t be shared? So I tried workarounds: First, I attempted to store the variables in a secure note. While you can manually add fields, that’s clunky and time-consuming. Then I tried uploading the .env file to the note, but on macOS, the file picker doesn’t show hidden files, and apparently there’s no way to make it do so. This made it impossible to upload the file with its original name, a really basic oversight, and one that shouldn’t exist in a premium product. Next, I tried using a Document item. At least the drag-and-drop upload worked (unlike Secure Notes), but now I’m locked into a document type that only allows a single file. That’s just not workable when a project has multiple secret environment files. Even worse, if I want to replace the file, the drag-and-drop UI disappears entirely, so I can’t upload a hidden file again. I’d have to delete the entire document and start over. That’s absurd. I genuinely respect the work you’ve done on 1Password; it’s one of the few tools I’ve used that felt reliable and trustworthy out of the box. But these gaps in functionality around something as basic as handling environment files are frustrating. And for a product at this price point, I expect this sort of workflow to just work. It’s hard to believe these limitations haven’t already been addressed. On top of that, it was surprisingly difficult to even find a proper way to give feedback like this. That feels like a mistake, if users can’t easily tell you where the product falls short, you miss the chance to improve it. Anyway, I needed to get this off my chest. I hope this feedback is helpful, and that we’ll see improvements to these features soon. Best regards, Joël Grosjean
1password-cli brew installation/upgrade fails
Hi Since I have updated brew today, any of these command fails : $ brew upgrade $ brew upgrade 1password-cli $ brew install 1password-cli ==> Fetching downloads for: 1password-cli ✔︎ Cask 1password-cli (2.32.0) [Verifying 8.8MB/ 8.8MB] Error: Cask '1password-cli' definition is invalid: invalid 'depends_on macos' value: unknown or unsupported macOS version: :"10.11" It looks like an issue with the 1password-cli cask, that defines an older MacOS version that is no longer supported by brew... It is rather annoying because I don't want to uninstall 1password-cli ( I use it to store my development secrets: API keys, etc.) and I need a recent version of brew... Please halp! Fred $ uname -a Darwin localhost 24.6.0 Darwin Kernel Version 24.6.0: Mon Aug 11 21:16:05 PDT 2025; root:xnu-11417.140.69.701.11~1/RELEASE_X86_64 x86_64 $ op --version 2.31.1 $ brew config HOMEBREW_VERSION: 4.6.20-112-gb652f7b ORIGIN: https://github.com/Homebrew/brew HEAD: b652f7b61019b6a8babb078dfcff13352bc4604d Last commit: 74 minutes ago Branch: main Core tap HEAD: fdf138096bec1258922d3cd4ec1647d3923bf4bd Core tap last commit: 47 minutes ago Core tap JSON: 10 Nov 18:40 UTC Core cask tap JSON: 10 Nov 18:40 UTC HOMEBREW_PREFIX: /usr/local HOMEBREW_CASK_OPTS: [] HOMEBREW_DISPLAY: /private/tmp/com.apple.launchd.ibhXfildbe/org.macosforge.xquartz:0 HOMEBREW_DOWNLOAD_CONCURRENCY: 16 HOMEBREW_EDITOR: emacs HOMEBREW_FORBID_PACKAGES_FROM_PATHS: set HOMEBREW_MAKE_JOBS: 8 HOMEBREW_SORBET_RUNTIME: set Homebrew Ruby: 3.4.5 => /usr/local/Homebrew/Library/Homebrew/vendor/portable-ruby/3.4.5/bin/ruby CPU: octa-core 64-bit kabylake Clang: 17.0.0 build 1700 Git: 2.51.2 => /usr/local/bin/git Curl: 8.7.1 => /usr/bin/curl macOS: 15.7.1-x86_64 CLT: 26.1.0.0.1.1761104275 Xcode: N/A
"Connection Refused" when accessing 1Password ssh-agent within DevContainer
I've been trying to get this to work for a few hours and I'm at a loss for what to do next, so asking for ideas about what the problem could be. My software stack is macOS 26/Tahoe, 1Password 8.11.16, Orbstack (for containers), and VSCode w/DevContainers. I have my SSH keys in 1Password and when executed from the host system, the keys are visible (and SSH works): % SSH_AUTH_SOCK="${HOME}/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock" ssh-add -l 256 SHA256:... (ED25519) % ssh -T git@github.com Hi <username>! You've successfully authenticated, but GitHub does not provide shell access. I have the DevContainer configuration to bind-mount the socket into the container and set a proper `SSH_AUTH_SOCK` value: "mounts": [ "source=${env:HOME}/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock,target=/tmp/ssh-agent-1password.sock,type=bind" ], "remoteEnv": { "SSH_AUTH_SOCK": "/tmp/ssh-agent-1password.sock" }, ... when I am in the container, the socket looks right, `SSH_AUTH_SOCK` is correct, but `ssh-add` fails to connect with an error: root@5a53d7e1c685:/tmp# ls -la ssh-agent-1password.sock srw------- 1 root root 0 Nov 2 16:36 ssh-agent-1password.sock root@5a53d7e1c685:/tmp# echo $SSH_AUTH_SOCK /tmp/ssh-agent-1password.sock root@5a53d7e1c685:/tmp# ssh-add -l Error connecting to agent: Connection refused I've verified that the directory itself IS accessible to docker by changing `source=${env:HOME}/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock` to be `source=${env:HOME}/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sockk` and restarting the container -- when I do that, the directory `agent.sockk` is created within the directory as expected (which I am interpreting as evidence that Docker can traverse all the way to the directory and create a sub-folder within it). I suspect what is happening is that 1Password is blocking the connection entirely (meaning it isn't a filesystem permissions error or otherwise), but I'm not sure how to prove that is the case or how to fix it if it IS the case. Any ideas for diagnostic steps to take next?
AWS Shell plugin is not providing session token
Hello, I tried to set up AWS shell plugin in a way that it'll provide me short lived tokens. I need these for our internal tools that use AWS SDK and is able to work with these temporary credentials, so 1Password doesn't see this to be something originating from `aws` cli. I'm trying to understand how can I use 1Password to only hand out temporary credentials so that the application doesn't have to deal with getting the tokens itself. According to Shell plugin docs (https://developer.1password.com/docs/cli/shell-plugins/aws/#optional-set-up-multi-factor-authentication) there should be session token set up, but I don't see it. I don't understand how it should get there and when should it be available. It's currently set up in this manner and aws plugin seems to be able to use MFA: op % op item get xyz ID: xyz Title: AWS Vault: Employee (abc) Created: 2 years ago Updated: 20 minutes ago by [me] Favorite: false Tags: XXX Version: 42 Category: LOGIN Fields: username: [username] password: [use 'op item get xyz --reveal' to reveal] access key id: [access-key] secret access key: [use 'op item get xyz --reveal' to reveal] one-time password: 123456 mfa serial: arn:aws:iam::[rest] Default region: [region] Account ID: [account-id] URLs: website: https://us-east-1.console.aws.amazon.com/iam/...
Chrome plugin popup doesn't close anymore
On Chrome for Mac I have installed the 1Password plugin. Since recently, the popup that opens up prompting to save credentials won't close anymore no matter what I do - clicking on the 'x', clicking outside, pressing on the 'Unlock 1Password' button, hitting the Esc key. Chrome version: 141.0.7390.123 (Official Build) (arm64)ssh agent and ansible 12 prompting incessantly
I've been using the SSH Agent in 1Password for a couple of years now, with very little trouble. This includes lots of SSH to individual machines as well as a fair amount of ansible scripting using versions prior to 12 and run directly from Terminal. Recently, I did a `brew upgrade` and ended up with Ansible 12. After that, it has become commonplace that ansible scripts run on my local machine and talking to nearby devices over the network result in 1passwd SSH agent prompting for every...single...command. I rolled back to ansible 10 (11 not available directly in Brew any longer) and the behavior returned to normal: prompting at the outset of my ansible script and not again until the next time I run a script. Running Ansible (as opposed to directly sshing in Terminal) has always prompted at the run, and usually for each individual destination machine, but that has been it. With the change to Ansible 12, the prompting from the SSH agent in 1password is now such that it is not usable. For the time being, I can roll back to ansible 10, but that won't be the case forever. Does anyone else have experience with this? Any recommendations for either diagnostics or solutions other than just disabling 1password's otherwise-highly-useful SSH Agent?
"op inject" does not find item in vault
Hi, I'm currently trying to generate a .env file locally using a .env.reference containing secret references, but I keep getting an error when running op inject. Any help on this would be much appreciated. --- .env.reference APP_ENV="op://Env_Server_Local/APP_ENV/password" FRONTEND_APP_URL="op://Env_Server_Local/FRONTEND_APP_URL/password" SERVER_URL="op://Env_Server_Local/SERVER_URL/password" > When running op read, it works % op read op://Env_Server_Local/APP_ENV/password development > When running op inject to generate the .env file, it fails. The secret does exist and was not deleted or archived. % op inject -i packages/server/.env.reference -o packages/server/.env [ERROR] 2025/06/13 08:45:14 could not find item APP_ENV in vault Env_Server_Local, because it has been deleted or archived. Please restore the item if you want to use it with secret provisioning. I feel it might be due to adding new items to the vault / updating existing items. --- 1password-cli : 2.31.1 desktop app: 1Password for Mac 8.10.80 (81080023) ---- This is blocking us from fully integrating 1password as secrets manager. Any help appreciated 🙏Fingerprint sensor support on remote systems?
Hello, maybe I missed something. Hence, I am asking before buying a new Mac Keyboard with sensor ... I use 1Password for: local stuff on my Mac on remote systems over ssh Visual Studio Code (VSC) remote over ssh VSC Docker devcontainers on remote Linux systems (In VSC open a folder on a remote system, open the project folder in docker devcontainers) Typing in the vault password is a cumbersome thing, when done too often, and restarting and rebuilding the containers, are new shells / terminals requesting entering the 1Password vault password often. Hence, I am looking for a way to make this simpler and hoped for support of the fingerprint sensor on remote systems.
