op-mcp

op-mcp

Enables to manage 1Password resources including vaults, items, documents, users, groups, and more through the 1Password CLI, exposing 65 tools for comprehensive password management via natural language.

Category
Visit Server

README

op-mcp

MCP (Model Context Protocol) server for 1Password CLI, implemented in Bun TypeScript.

This is a port of the Rust op-mcp implementation to TypeScript for use with Bun runtime.

Features

  • Wraps the 1Password CLI (op) as an MCP server
  • Exposes 65 tools for managing 1Password resources
  • Full TypeScript type safety with Zod schema validation
  • Supports all major 1Password operations:
    • Authentication (whoami, signin, signout)
    • Account management
    • Vault operations
    • Item CRUD
    • Document management
    • User management
    • Group management
    • Connect server management
    • Service accounts
    • Events API
    • Secret reading and injection

Prerequisites

  • Bun runtime
  • 1Password CLI (op) installed and in PATH
  • 1Password account with CLI access configured

Authentication

The server supports automatic authentication via environment variables:

Option 1: Service Account Token (Recommended for automation)

export OP_SERVICE_ACCOUNT_TOKEN="your-service-account-token"

Option 2: Password-based Auto-signin

export OP_ACCOUNT="my"  # Your account shorthand
export OP_PASSWORD="your-password"

When both OP_ACCOUNT and OP_PASSWORD are set, the server automatically signs in on startup.

Option 3: Default Account (Manual signin required)

export OP_ACCOUNT="my"  # Your account shorthand

This sets the default account but requires you to be already signed in via op signin.

Installation

cd op-mcp.bun
bun install

Usage

Running the server

bun run start
# or
bun run src/index.ts

MCP Configuration

Add to your MCP client configuration file.

Claude Code (~/.claude.json)

Password-based auto-signin:

{
  "mcpServers": {
    "1password": {
      "command": "bun",
      "args": ["run", "/home/won/lab/config/op-mcp/op-mcp.bun/src/index.ts"],
      "env": {
        "OP_ACCOUNT": "my",
        "OP_PASSWORD": "your-password"
      }
    }
  }
}

Service account token:

{
  "mcpServers": {
    "1password": {
      "command": "bun",
      "args": ["run", "/home/won/lab/config/op-mcp/op-mcp.bun/src/index.ts"],
      "env": {
        "OP_SERVICE_ACCOUNT_TOKEN": "ops_..."
      }
    }
  }
}

Default account (requires manual signin):

{
  "mcpServers": {
    "1password": {
      "command": "bun",
      "args": ["run", "/home/won/lab/config/op-mcp/op-mcp.bun/src/index.ts"],
      "env": {
        "OP_ACCOUNT": "my"
      }
    }
  }
}

Claude Desktop (~/Library/Application Support/Claude/claude_desktop_config.json)

{
  "mcpServers": {
    "1password": {
      "command": "/path/to/bun",
      "args": ["run", "/path/to/op-mcp.bun/src/index.ts"],
      "env": {
        "OP_ACCOUNT": "my",
        "OP_PASSWORD": "your-password"
      }
    }
  }
}

Environment Variables Reference

Variable Description
OP_SERVICE_ACCOUNT_TOKEN Service account token for authentication (takes priority)
OP_ACCOUNT Account shorthand (e.g., my, work)
OP_PASSWORD Password for auto-signin (requires OP_ACCOUNT)

Tools

The server exposes 65 tools organized by domain:

Authentication (3 tools)

  • whoami - Get current user info
  • signin - Sign in to 1Password
  • signout - Sign out of 1Password

Account (4 tools)

  • account_list - List configured accounts
  • account_get - Get account details
  • account_add - Add a new account
  • account_forget - Remove an account from device

Vault (11 tools)

  • vault_list - List vaults
  • vault_get - Get vault details
  • vault_create - Create a vault
  • vault_edit - Edit a vault
  • vault_delete - Delete a vault
  • vault_user_list - List users with vault access
  • vault_user_grant - Grant user access to vault
  • vault_user_revoke - Revoke user access from vault
  • vault_group_list - List groups with vault access
  • vault_group_grant - Grant group access to vault
  • vault_group_revoke - Revoke group access from vault

Item (9 tools)

  • item_list - List items
  • item_get - Get item details
  • item_create - Create an item
  • item_edit - Edit an item
  • item_delete - Delete an item
  • item_move - Move item to another vault
  • item_share - Create shareable link
  • item_template_list - List item templates
  • item_template_get - Get template details

Document (5 tools)

  • document_list - List documents
  • document_get - Download document
  • document_create - Upload document
  • document_edit - Replace document content
  • document_delete - Delete document

User (8 tools)

  • user_list - List users
  • user_get - Get user details
  • user_provision - Create new user
  • user_confirm - Confirm pending user
  • user_edit - Edit user
  • user_suspend - Suspend user
  • user_reactivate - Reactivate user
  • user_delete - Delete user

Group (8 tools)

  • group_list - List groups
  • group_get - Get group details
  • group_create - Create group
  • group_edit - Edit group
  • group_delete - Delete group
  • group_user_list - List group members
  • group_user_grant - Add user to group
  • group_user_revoke - Remove user from group

Connect (11 tools)

  • connect_server_list - List Connect servers
  • connect_server_get - Get server details
  • connect_server_create - Create server
  • connect_server_edit - Edit server
  • connect_server_delete - Delete server
  • connect_token_list - List tokens
  • connect_token_create - Create token
  • connect_token_edit - Edit token
  • connect_token_delete - Delete token
  • connect_vault_grant - Grant vault access
  • connect_vault_revoke - Revoke vault access

Service Account (2 tools)

  • service_account_create - Create service account
  • service_account_ratelimit - Check rate limit

Events API (1 tool)

  • events_api_create - Create Events API integration

Secrets (3 tools)

  • secret_read - Read secret by reference
  • secret_inject - Inject secrets into template
  • secret_run - Run command with secrets

Development

# Type check
bun run typecheck

# Build (optional)
bun run build

Testing

The project includes a comprehensive integration test suite that runs against a real 1Password account.

Prerequisites

Ensure you're authenticated before running tests:

export OP_ACCOUNT="my"
export OP_PASSWORD="your-password"

Running Tests

# Run all tests
bun test

# Run specific test suites
bun test:auth      # Authentication tests
bun test:account   # Account management tests
bun test:vault     # Vault CRUD tests
bun test:item      # Item CRUD tests
bun test:document  # Document upload/download tests
bun test:user      # User management tests (admin required)
bun test:group     # Group management tests
bun test:connect   # Connect server tests (Business/Teams required)
bun test:service   # Service account tests
bun test:events    # Events API tests (Business/Enterprise required)
bun test:secrets   # Secret read/inject tests

Test Behavior

  • Tests create resources with op-mcp-test prefix for easy identification
  • Resources are cleaned up after each test suite
  • Tests that require admin privileges or specific account types are automatically skipped
  • A test vault named op-mcp-test-vault is created/reused for item and document tests

License

MIT

Recommended Servers

playwright-mcp

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official
Featured
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Official
Featured
Local
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

Official
Featured
Local
TypeScript
VeyraX MCP

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official
Featured
Local
graphlit-mcp-server

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official
Featured
TypeScript
Kagi MCP Server

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official
Featured
Python
E2B

E2B

Using MCP to run code via e2b.

Official
Featured
Neon Database

Neon Database

MCP server for interacting with Neon Management API and databases

Official
Featured
Exa Search

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official
Featured
Qdrant Server

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official
Featured