1password

The skill follows a strict, safe workflow to ensure secrets are never leaked:Detects your OS and shell environment.Verifies the op CLI is present (op --version).Confirms the 1Password desktop app integration is enabled and the app is unlocked.Creates a dedicated tmux session with a fresh socket — all op commands run inside this session to avoid TTY re-prompts and session leakage.Runs op signin inside tmux and waits for the desktop app authorization prompt.Verifies access with op whoami before reading any secrets.Uses --account or OP_ACCOUNT when multiple accounts are configured.

Safe Secret Injection — Uses op run and op inject to pass secrets into processes and config files at runtime, never writing them to disk.tmux-Based Isolation — All op commands execute inside a dedicated tmux session with a fresh socket, preventing TTY issues and stale session conflicts.Multi-Account Support — Handles multiple 1Password accounts via the --account flag or OP_ACCOUNT environment variable.Desktop App Integration — Works with the 1Password desktop app for biometric/system-level authorization without storing master passwords.Guardrails Built In — Enforces strict rules: no secrets in logs or chat, no op calls outside tmux, and clear recovery steps when sign-in expires.

1Password Account — A valid 1Password account (individual, Teams, or Business). Required to authenticate and access vaults.1Password Desktop App — Required for desktop app integration and app-based authorization prompts. Must be installed, running, and unlocked.tmux — Required. All op commands must run inside a tmux session; the skill will not proceed if tmux is unavailable.

CI / Automation Secrets — Inject API keys and database credentials into scripts at runtime using op run, keeping secrets out of environment files and repos.Config File Population — Use op inject to fill .env or config templates with live vault values before starting a service.Multi-Account Workflows — Switch between personal and work 1Password accounts in the same session using --account flags.Secure Agent Automation — Let an AI agent authenticate to external services using credentials stored in 1Password without ever exposing the raw secret values.