Creativity · MCP — server

MCP 1Password Server

The MCP 1Password Server is a community-maintained Model Context Protocol server that wraps the 1Password CLI (or 1Password Connect) so an MCP client can query vaults and reference items without the model ever seeing raw secrets. Responses return op:// reference URIs that another tool can resolve at runtime.

MCP facts

Kind: server
Ecosystem: anthropic-mcp
Language: TypeScript / Node.js
Transports: stdio

Capabilities

Tools: list_vaults, list_items, get_item, get_reference, inject_env
Resources: op://vault/{id} and op://item/{id} URIs
Auth: OP_SERVICE_ACCOUNT_TOKEN or interactive CLI session

Install

npx -y @modelcontextprotocol/server-1password

Configuration

{
  "mcpServers": {
    "1password": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-1password"],
      "env": { "OP_SERVICE_ACCOUNT_TOKEN": "ops_..." }
    }
  }
}

Frequently asked questions

Will the model see my passwords?

No — the server returns op:// references. Your downstream process (shell, CI, other tool) resolves the reference. This keeps raw credentials out of LLM context.

Is this server official?

1Password has published official MCP integrations in certain betas, but most public servers today are community-maintained wrappers around the op CLI. Check the repo before installing.

How do I scope access?

Create a service account limited to the specific vaults the model needs, grant read-only permissions, and rotate the token regularly.

Sources

1Password Developer docs — accessed 2026-04-20
MCP community servers — accessed 2026-04-20