Agent runtimes & authentication

1Password Integration for Agent Secrets

Status: Partially implemented — env references, console picker, per-reference account pinning, and Claude-token writes are shipped; read-only secret file mounts remain future work

Canonical Docs For Shipped Behavior

This roadmap item no longer repeats shipped op:// env behavior. Keep shipped details in the standard docs above.

Remaining Work

Agents sometimes need credentials as files rather than environment variables, for example SSH keys, kubeconfigs, or cloud-provider config files. Today those still require explicit mounts or project-specific setup.

Future work: add a first-class read-only secret file mechanism, likely a workspace-scoped config shape such as [workspaces.*.op_files], that resolves selected 1Password fields into temporary files and mounts them read-only into the container.

Constraints

  • Secret files must be materialized outside image builds and never written into role repos.
  • Mounts should be narrow, explicit, and auditable in launch previews.
  • The design should reuse the same credential-source vocabulary used by operator env and auth flows, rather than adding another 1Password-only parser.

On this page