Agent runtimes & authentication
1Password Integration for Agent Secrets
Status: Partially implemented — env references, console picker, per-reference account pinning, and Claude-token writes are shipped; read-only secret file mounts remain future work
Canonical Docs For Shipped Behavior
- Environment Variables — operator-facing
op://env values, scopes, and launch diagnostics. - Authentication — how 1Password-backed values feed auth modes.
- Claude Token Orchestrator — contributor details for Claude-token 1Password writes and validation.
This roadmap item no longer repeats shipped op:// env behavior. Keep shipped details in the standard docs above.
Remaining Work
Agents sometimes need credentials as files rather than environment variables, for example SSH keys, kubeconfigs, or cloud-provider config files. Today those still require explicit mounts or project-specific setup.
Future work: add a first-class read-only secret file mechanism, likely a workspace-scoped config shape such as [workspaces.*.op_files], that resolves selected 1Password fields into temporary files and mounts them read-only into the container.
Constraints
- Secret files must be materialized outside image builds and never written into role repos.
- Mounts should be narrow, explicit, and auditable in launch previews.
- The design should reuse the same credential-source vocabulary used by operator env and auth flows, rather than adding another 1Password-only parser.