# 1Password Integration for Agent Secrets (https://jackin.tailrocks.com/roadmap/onepassword-integration/)



**Status**: Partially implemented — env references, console picker, per-reference account pinning, and Claude-token writes are shipped; read-only secret file mounts remain future work

## Canonical Docs For Shipped Behavior [#canonical-docs-for-shipped-behavior]

* [Environment Variables](/guides/environment-variables/) — operator-facing `op://` env values, scopes, and launch diagnostics.
* [Authentication](/guides/authentication/) — how 1Password-backed values feed auth modes.
* [Claude Token Orchestrator](/reference/capsule/token-orchestrator/) — contributor details for Claude-token 1Password writes and validation.

This roadmap item no longer repeats shipped `op://` env behavior. Keep shipped details in the standard docs above.

## Remaining Work [#remaining-work]

Agents sometimes need credentials as files rather than environment variables, for example SSH keys, kubeconfigs, or cloud-provider config files. Today those still require explicit mounts or project-specific setup.

Future work: add a first-class read-only secret file mechanism, likely a workspace-scoped config shape such as `[workspaces.*.op_files]`, that resolves selected 1Password fields into temporary files and mounts them read-only into the container.

## Constraints [#constraints]

* Secret files must be materialized outside image builds and never written into role repos.
* Mounts should be narrow, explicit, and auditable in launch previews.
* The design should reuse the same credential-source vocabulary used by operator env and auth flows, rather than adding another 1Password-only parser.
