Introducing programmatic item management with 1Password SDKs
by Sadia Azmal and Simon Barendse on
Last year, we introduced 1Password SDKs — production-ready, open source libraries for Typescript/JavaScript, Python, and Go — to support secure access to secrets stored in 1Password. Today’s release expands those capabilities to provide full programmatic access to 1Password items, including creating, reading, updating, deleting, listing, and sharing information stored in vaults.
This update expands what’s possible with 1Password SDKs and reinforces a critical goal of 1Password’s password manager: giving teams secure, flexible access to credentials and sensitive data through automation at scale. Whether managing secrets, automating onboarding, or standardizing IT operations, teams can now build seamless integrations that automate access to information stored in 1Password while preserving our end-to-end encryption security model.
This enhancement gives developers the tools to access sensitive data programmatically, which in turn helps IT and Security teams close the Access-Trust Gap. The Access Trust Gap represents the security risks posed by unfederated identities, unmanaged devices, applications, and AI-powered tools accessing company data without proper governance controls.
With data encrypted at rest and only decrypted when needed, 1Password SDKs provide a set of trusted building blocks for creating custom workflows without needing external services, binaries, or writing your own type system or validations. Our customers and partners already use them, including Postman and Pulumi, but as open source projects, they thrive on community feedback and contributions.
What’s new?
With expanded programmatic access, we’re enhancing the core value of 1Password for IT admins and developers. This new release introduces powerful new item management features in addition to expanded secret management capabilities, letting you build apps that:
- Generate and share files securely with just a few lines of code. Use a simple Python script to share items with customizable access controls.
- Automatically attach files and notes. Include supporting files like README.md and other relevant documents as attachments or notes.
- Share unique sharable links. You can choose when the link expires, who it’s available to, and whether you want it to be viewable once or multiple times.
- Streamline CI/CD workflows. Inject secrets into your apps or pipelines without hardcoding or juggling environment variables.
- Use 1Password as secure storage. Upload, store, and retrieve files that require end-to-end encryption and access control.
This is good news if you’re building systems for customer service agents, DevOps roles, or anything else that involves regularly sharing or integrating with information stored in 1Password.
What can you build today?
This release advances our long-term vision of providing a robust developer toolkit that empowers teams to design and implement custom solutions. Our goal with 1Password SDKs is to provide building blocks for the most flexibility.
Some common use cases you can build apps for today include:
- Automated onboarding workflows: Provision new employees or customers with credentials, store them securely in 1Password, and share them via item-sharing links.
- Secret rotation automation: Programmatically identify and update expiring credentials to stay ahead of security policies.
- Secure file and credential management: Store and retrieve SSH keys, TLS certificates, or license files without leaving local disk.
- Collecting sensitive data: Build internal UIs that securely collect and store sensitive data directly in 1Password.
- Centralizing sensitive data: Treat 1Password as a single source of truth for sensitive data across environments to simplify configuration management.
- Secure inventory management: Catalogue devices with key details like model, serial number, and admin credentials in 1Password.
What’s next?
This release marks a major step forward in how developers and teams interact with 1Password at scale. We’re not stopping here. Now that item management is supported within SDKs, we’re exploring ways to give you even more control, including managing vaults, groups, and permissions.
As we continue to expand our capabilities based on real-world usage and community feedback, you may encounter breaking changes between larger version updates. When we introduce breaking changes, we’ll provide clear instructions on how to update your code, along with three months of support and security patches so you can upgrade when it makes sense for your workflows and teams. You can read more details here and open GitHub issues on the SDK repos with your feedback and requests.
How to get started
// Create the file field item
let item = await client.items.create({
title: "Login with File Field Item Created With JS SDK",
category: sdk.ItemCategory.Login
vaultId: "7turaasywpymt3jecxoxk5roli",
fields: [
{
id: "username",
title: "username",
fieldType: sdk.ItemFieldType.Text,
value: "my username",
},
{
id: "password",
title: "password",
fieldType: sdk.ItemFieldType.Concealed,
value: "my secret value",
}
],
sections: [
{
id: "custom section",
title: "my section",
},
],
files: [
{
name: "file.txt"
content: new Uint8Array(fs.readFileSync("file.txt")),
sectionId: "custom section",
fieldId: "file_field"
},
],
});
Explore the SDKs on the 1Password Developer Portal or dive straight into the GitHub repos for JavaScript, Python, and Go.
We can’t wait to see what you build with 1Password SDKs! Share your projects, get inspired by others, and connect with the developer community at the community hub.
Sadia Azmal and Simon Barendse
Tweet about this post