1Password Secrets Automation lets you securely store and retrieve credentials from 1Password vaults. This integration uses a service account token to authenticate with the 1Password SDK.
Prerequisites
- A 1Password account with the Teams or Business plan (service accounts require a paid plan)
- Permission to create service accounts in your 1Password account
Step 1 — Create a service account
- Sign in to 1password.com and go to Developer Tools → Service Accounts.
- Click Create a service account.
- Give it a name (e.g.
Activepieces).
- Grant it Read Items access on the vaults Activepieces needs to access.
- Click Create service account and copy the token — it starts with
ops_ and is shown only once.
Store the token securely. Once you leave the page, 1Password will not show it again.
Step 2 — Connect in Activepieces
- Go to Platform Admin → Security → Secret Managers.
- Select 1Password from the provider list.
- Paste the Service Account Token from Step 1.
- Click Connect to test and save the connection.
Using 1Password in connections
When configuring a global connection that requires credentials:
- Click the key icon (🔑) next to the credential field.
- Select a 1Password connection from the list.
- Enter the Secret Reference in the format:
- vault — the vault name or ID (e.g.
Production)
- item — the item title or ID (e.g.
Stripe)
- field — the field label within the item (e.g.
password, api key)
Activepieces will retrieve the secret value from 1Password and inject it into the connection at runtime.
Example secret references
| 1Password location | Reference |
|---|
Vault Production → Item Stripe → Field Secret Key | op://Production/Stripe/Secret Key |
Vault Shared → Item Database → Field password | op://Shared/Database/password |
If you update existing secrets and you can’t see the update reflected, refer to caching. 
