Permit/block access to vault by IP?
I have a situation where we want to allow access to a specific vault when they're using a given source IP. When coming from that same IP, we would want to block access to all other vaults. When using other IPs, we would want to grant full access. It doesn't appear to be doable now, but I would like to put in a feature request.11Views0likes3CommentsView access of vault details for subaccounts (staff)
How can non-owning members of vaults get to the vault details page to review which team members also have access to that vault? This should be possible for any members of a vault who have view access, even if they can't edit the vault information. The small squares of team members' initials in the user's vault dashboard view fail to provide enough information.10Views0likes0CommentsNested folders in department vaults
The issue I am having is that we save a very large number of credentails and details in 1password, and currently, I am creating vaults with names of the department and a subsection name as part of the vault name As an example for illustration only: for HR, I have a vault called HR-References, another vault called HR-AnnualLeave, and another called HR-Attendance But this means we end up with a massively long list of vaults. It would be much much better if we could have nested vaults, or even folder to contains to store all the different sets of data in an organised manner under the one parent vault. so ideally we would have a vault called HR, and then within that vault, either subvaults, or folders/containers that could contain specific items by topic Hope this makes sense. Thanks51Views0likes6CommentsWindows Hotkey (CTRL + #)
Hello 1Password community, i have a problem with my windows subsystem, when i use my standard hotkey for comment out things in my IDE (CTRL + #), the 1password pops up and wants to unlock my vault. I don't see any options to configure this hotkey, can anybody help me? kind regards codmme7Views0likes1CommentFeature Request - Allow inject to run with missing references
Let's assume there is a config template like `.env.template` which I want to share with my team. This could be in a git repo that is committed as part of a code base. To run all of the tests you would need all of the env vars defined but to run a subset of the tests this isn't necessary (think unit, app and int tests). # .env.template file # SQL - Everyone has this access SQL_PASSWORD={{ op://User/sql/password }} SQL_USER={{ op://User/sql/user }} # AWS S3 - Only some people have/need to run these integration tests # aws/password doesn't exist in this user's 1password AWS_PASSWORD={{ op://User/aws/password }} AWS_USER={{ op://User/aws/user }} Now run `inject`: op inject -i .env.template -o .env -f [ERROR] 2025/07/02 13:38:51 could not resolve item UUID for item aws: could not find item aws in vault ... It would be very beneficial to have a flag that ignores missing: op inject -i .env.template -o .env -f -ignore-missing # .env file # SQL - Everyone has this access SQL_PASSWORD=abcdef SQL_USER=me # AWS S3 - Only some people have/need to run these integration tests # aws/password doesn't exist in this user's 1password AWS_PASSWORD= AWS_USER= This would really help with 1Password adoption across my team.6Views0likes3CommentsFeature Request: 1 item in more than 1 (shared) vault
I come upon this more and more often... I have a shared vault where users A, B and C have access and I am the administrator/owner. I have another shared vault where users X, Y and Z have access and I am the administrator/owner. I have an item that I need to share with all 6 of these users. I currently have 2 choices and I don't like either of them: 1/ Create a new shared folder where users A, B, C, X, Y and Z have access. This is fine in the cases of small teams. My situation however is a medium-sized business account with all of my clients in my umbrella/envelope account. Users A, B and C are not even aware of the existence of users X, Y and Z and may be uncomfortable sharing items with unknown users. 2/ Duplicate my item and store one copy in each of the shared folders. I dislike this option even more as maintaining the integrity of both copies is risky; there is always the possibility that one copy gets modified and the other does not. Feature Request: I would like to be able to assign/associate 1 item in more than 1 shared vault. The members of shared vault ABC do not need to see or be aware that the item is also in vault XYZ and vice-versa. I am open to other ways of treating this problem/situation as well... Thanks13Views1like1CommentEmployee Vaults - Access?
Hello all, our business environment requires that all passwords should be visible and reclaimable in the event that the employee leaves. This is fine with a shared vault, as other users have access as they may share them, or for redundancy. However we have a particular team where a shared vault isn't suitable, as each user has their own access to certain data. So in this case the Employee vault would be perfect. Except that I'm almost certain that these vaults can't be accessed by Overwatch roles, like Administrators or Owners, even though I've seen language on various docs from 1password that users with the right permissions can access them. Problem is I can't find these permissions to enable them to be visible when needed. What do you suggest is the best solution for this? Accounts are locked to business email addresses but reclaiming an account just because someone is on holiday and something important is stored in the Employee Vault sounds excessive...74Views0likes1CommentAssign permission to access on item level
Our team uses 1Password, and as we've grown, managing password access has become a significant challenge. Currently, to give specific people access to an item, we have to create a new vault. Since an item can only be in one vault, we end of creating many vaults to manage permissions. This means that every time we need to grant access to an item, we have to update multiple vaults and user permissions, which is time-consuming and error-prone. This has made our permission management very complex. Is there a more efficient way to grant item-level permissions or a better workflow to manage access for a growing team without creating a new vault for every single use case? edit: we are currently on the team plan22Views0likes1CommentAuditor Access (aka Global View-Only with no password access)
Hi All, tl;dr I'm hoping to be able to view all groups (with membership) and vaults (including both credentials and membership but WITHOUT being able to see/use passwords) for my entire organization. I don't strictly need to view individually managed credentials, and definitely don't need access to personal accounts. ---- Background: My company uses 1Password to manage individual and shared work accounts. I'm involved from a compliance role in various audits of user access in different systems, and I consistently run into a challenge reviewing access to shared accounts. For each shared account, I have to rely on other relevant team leads for: screenshot of the account/credential itself, including what vault/folder it's contained in screenshot of the 1Password users/groups that have access to the vault/folder If groups have access to the vault/folder, then a screenshot of the 1Password users/groups that are members of the first group (and possibly going down the rabbit hole of nested groups) Reviewing the users with access and confirming they are appropriate to continue having access (or remove, if necessary) This takes a lot of time for a compliance activity. I'm hoping to get access myself, but haven't been able to figure it out yet with my helpdesk team. Additionally, I know other teams perform similar reviews but for different systems, so I'm hoping this can be a role or group that myself and other compliance/auditor team members can have. Q1: Is it possible to get a role in 1Password that provides access to all vaults (with membership), credentials in vaults (WITHOUT being able to see/use passwords - just the credential name, system, and username/email), and groups (with membership)? Q2: Or if this access/role is not possible, is it possible to build a report that pulls this information in? I could just run the report when I'm doing this review. Q3: How are other people doing this? Am I missing something totally obvious? Appreciate anyone's response and help. Thanks! -KCSolved70Views0likes5Comments