This skill provides best-practice guidance and helper patterns for using the 1Password CLI (op) in automation and agent workflows. It explains safe access patterns, when to use secret references vs plaintext reads, how to run commands with injected secrets, and log/transcript hygiene to avoid leaking credentials.
Use this skill whenever an agent or automation needs to access secrets for builds, deploys, or runtime configuration. It's relevant for: running subprocesses that require credentials, creating local env files with secret references, reading item metadata safely, and designing unattended service accounts.
op run --env-file, using op read safely, extracting reference IDs, and auditing for accidental secret commits. Also includes troubleshooting and failure handling steps.This skill is applicable to agent runtimes that can shell out or run CLI tools and that support secret injection: Copilot/Codex-style agents, automation runners that use service accounts, and CLI-capable bots.
This skill has not been reviewed by our automated audit pipeline yet.
