74
/ 100
26 days ago
glama

mcp-1password

An MCP server that integrates 1Password with AI agents, providing secure access to vaults and items with secrets redacted by default.

Is this your MCP?

Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.

Install from

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings
No credential exfiltration, no sensitive file access, no obfuscation
Static analysis found nothing flowing your secrets to unexpected places.
🔐
You'll be asked for 6 credentials: OP_CONNECT_TOKEN, OP_MCP_HTTP_BEARER_TOKEN, OP_MCP_HTTP_REQUIRE_BEARER, OP_MCP_SERVICE_ACCOUNT_TOKEN, OP_MCP_TEST_SECRET, OP_SERVICE_ACCOUNT_TOKEN
These are read from process.env at runtime. Make sure you trust where they’ll be sent.
// required environment variables
This server reads these from process.env. You'll be asked to provide them before it can run.
configComSpec
configOP_CONNECT_HOSTconnect-host http://127.0.0.1:8080 Localhost Connect API URL, required to stay on localhost for this POC
🔐 secretOP_CONNECT_TOKEN"<connect-token>" \
configOP_MCP_ACCOUNTaccount - Account name or UUID, required in desktop mode
configOP_MCP_ACKNOWLEDGE_UNRESTRICTED_RUNNERacknowledge-unrestricted-runner - Required only when disabling session approval; exact value: I_UNDERSTAND_THIS_ALLOWS_UNRESTRICTED_LOCAL_COMMAND_EXECUTION
configOP_MCP_APPROVAL_REMEMBER_KEY_PATHapproval-remember-key-path ~/.onepassword-mcp/approval-grants.key Local 32-byte AES key file used to encrypt remembered approval grants
configOP_MCP_APPROVAL_REMEMBER_STORE_PATHapproval-remember-store-path ~/.onepassword-mcp/approval-grants.enc.json Encrypted local approval grants file for the approval page's 24h remember checkbox
configOP_MCP_APPROVAL_REMEMBER_TTL_MSapproval-remember-ttl-ms 86400000 Lifetime for approvals remembered across MCP sessions
configOP_MCP_AUDIT_LOG_PATHaudit-log-path ~/.onepassword-mcp/audit.jsonl Audit log path
configOP_MCP_AUTH_MODEauth-mode desktop desktop, service-account, or connect
configOP_MCP_CONNECT_TIMEOUT_MSconnect-timeout-ms 30000 Connect request timeout
configOP_MCP_DIAGNOSTICS
configOP_MCP_ENABLE_DESTRUCTIVE_ACTIONSenable-destructive-actions false Allow archive and delete operations
configOP_MCP_ENABLE_PERMISSION_MUTATIONenable-permission-mutation false Allow vault permission changes
configOP_MCP_ENABLE_SCRIPT_RUNNERenable-script-runner false Allow execution of allowlisted scripts
configOP_MCP_ENABLE_SECRET_REVEALenable-secret-reveal false Allow plaintext secret reveal
configOP_MCP_ENABLE_UNRESTRICTED_RUNNERenable-unrestricted-runner false Allow the separate free-form shell command runner
configOP_MCP_ENABLE_UNRESTRICTED_SCRIPT_RUNNERenable-unrestricted-script-runner false Enable op_script_run free-form shell commands with 1Password injection after one local approval per MCP process; allowlists are ignored
configOP_MCP_ENABLE_WRITESenable-writes false Allow item and vault creation/update
configOP_MCP_HTTP_ALLOWED_ORIGINShttp-allowed-origin Localhost origins for the current port Browser origins allowed for HTTP transport; strict Origin validation, repeatable flag, comma-separated env
🔐 secretOP_MCP_HTTP_BEARER_TOKEN"$(openssl rand -base64 32)" \
configOP_MCP_HTTP_HOSThttp-host 127.0.0.1 HTTP bind address
configOP_MCP_HTTP_MAX_SESSIONShttp-max-sessions 64 Maximum active HTTP MCP sessions
configOP_MCP_HTTP_PATHhttp-path /mcp HTTP path prefix
configOP_MCP_HTTP_PORThttp-port 17337 HTTP port
configOP_MCP_HTTP_REQUEST_TIMEOUT_MShttp-request-timeout-ms 30000 HTTP request timeout
🔐 secretOP_MCP_HTTP_REQUIRE_BEARERhttp-require-bearer true when HTTP is enabled Require Authorization: Bearer
configOP_MCP_HTTP_SESSION_IDLE_MShttp-session-idle-ms 900000 Idle HTTP session expiry
configOP_MCP_LOG_LEVELlog-level info debug, info, warn, or error
configOP_MCP_OP_CLI_AUTH_MODEop-cli-auth-mode auto auto, desktop, manual-session, or service-account
configOP_MCP_OP_CLI_PATHop-cli-path op Path to the op binary; must be absolute when the script runner is enabled
configOP_MCP_SCRIPT_RUNNER_ALLOWLISTSscript-runner-allowlist - Absolute path to an allowlist file; repeatable
configOP_MCP_SCRIPT_RUNNER_ALLOWLIST_MANIFESTSscript-runner-allowlist-manifest - Absolute path to a manifest listing allowlist files; repeatable
configOP_MCP_SCRIPT_RUNNER_ROOTSscript-runner-root - Trusted workspace root; repeatable
🔐 secretOP_MCP_SERVICE_ACCOUNT_TOKEN
configOP_MCP_SMOKE_AUDIT_LOG_PATH
🔐 secretOP_MCP_TEST_SECRET
configOP_MCP_TRANSPORTtransport stdio stdio or http
configOP_MCP_UNRESTRICTED_RUNNER_APPROVAL_HOSTunrestricted-runner-approval-host 127.0.0.1 Local approval server bind host; localhost only
configOP_MCP_UNRESTRICTED_RUNNER_APPROVAL_PORTunrestricted-runner-approval-port 0 Local approval server port; 0 picks a free port
configOP_MCP_UNRESTRICTED_RUNNER_APPROVAL_TTL_MSunrestricted-runner-approval-ttl-ms 43200000 In-memory approval lifetime
configOP_MCP_UNRESTRICTED_RUNNER_COMMAND_TIMEOUT_MSunrestricted-runner-command-timeout-ms 600000 Free-form command timeout
configOP_MCP_UNRESTRICTED_RUNNER_REQUIRE_SESSION_APPROVALunrestricted-runner-require-session-approval true Require local approval page before commands can run
configOP_MCP_UNRESTRICTED_RUNNER_ROOTSunrestricted-runner-root - Root path eligible for unrestricted execution approval; repeatable
🔐 secretOP_SERVICE_ACCOUNT_TOKEN"": "<service-account-token>"
// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 5 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[![M8ven Score](https://m8ven.ai/badge/mcp/kefapps-onepassword-mcp-codex-0tk1uf)](https://m8ven.ai/mcp/kefapps-onepassword-mcp-codex-0tk1uf)
commit: f5912ef27b608f47562592e65800171523c4bfba
code hash: f3d209fcc230ad5aa4e01334f9457a3f400f8329ac40d8810e60ec704808428b
verified: 6/15/2026, 1:48:22 PM
view raw JSON →