1Password Python SDK

Build integrations that programmatically access your secrets in 1Password.

Documentation | Examples

---

Requirements

The 1Password Python SDK is compatible with:

• python 3.8 or later
• libssl 3
• glibc 2.32 or later

If you're running a Linux distribution that still uses libssl version 1.1.1, such as Debian 11 or Ubuntu 20.04, you'll need to update to a later version of Linux or install the required dependencies.

🚀 Get started

To use the 1Password Python SDK in your project:

1. Create a service account and give it the appropriate permissions in the vaults where the items you want to use with the SDK are saved.

2. Provision your service account token. We recommend provisioning your token from the environment. For example, to export your token to the OP_SERVICE_ACCOUNT_TOKEN environment variable:

   macOS or Linux

   export OP_SERVICE_ACCOUNT_TOKEN=<your-service-account-token>

   Windows

   $Env:OP_SERVICE_ACCOUNT_TOKEN = "<your-service-account-token>"

3. Install the 1Password Python SDK in your project:

   pip install git+ssh://git@github.com/1Password/onepassword-sdk-python.git@v0.1.1

4. Use the Python SDK in your project:

import asyncio
import os
from onepassword.client import Client

async def main():
    # Gets your service account token from the OP_SERVICE_ACCOUNT_TOKEN environment variable.
    token = os.getenv("OP_SERVICE_ACCOUNT_TOKEN")

    # Connects to 1Password. Fill in your own integration name and version.
    client = await Client.authenticate(auth=token, integration_name="My 1Password Integration", integration_version="v1.0.0")

    # Retrieves a secret from 1Password. Takes a secret reference as input and returns the secret to which it points.
    value = await client.secrets.resolve("op://vault/item/field")
    # use value here

if __name__ == '__main__':
    asyncio.run(main())

Make sure to use secret reference URIs with the syntax op://vault/item/field to securely load secrets from 1Password into your code.

Supported functionality

1Password SDKs are in active development. We're keen to hear what you'd like to see next. Let us know by upvoting or filing an issue.

Item management

Operations:

• Retrieve secrets
• Retrieve items
• Create items
• Update items
• Delete items
• List items
• Add & update tags on items

Field types:

• API Keys
• Passwords
• Concealed fields
• Text fields
• Notes
• SSH private keys (partially supported: supported in resolving secret references, not yet supported in item create/get/update)
• SSH public keys, fingerprint and key type
• One-time passwords
• URLs
• Websites (used to suggest and autofill logins)
• Phone numbers
• Credit card types
• Files attachments and Document items

Vault management

• Retrieve vaults
• Create vaults (#36)
• Update vaults
• Delete vaults
• List vaults

User & access management

• Provision users
• Retrieve users
• List users
• Suspend users
• Create groups
• Update group membership
• Update vault access & permissions

Compliance & reporting

• Watchtower insights
• Travel mode
• Events. For now, use 1Password Events Reporting API directly.

Authentication

• 1Password Service Accounts
• User authentication
• 1Password Connect. For now, use 1Password/connect-sdk-go.

📖 Learn more

• Load secrets with 1Password SDKs
• Manage items with 1Password SDKs
• List vaults and items with 1Password SDKs
• 1Password SDK concepts