OnePassword Provider
The OnePassword provider integrates with OnePassword for team-based secret management with advanced access controls.
Prerequisites
Section titled “Prerequisites”- OnePassword CLI (
op) - OnePassword account
- Signed in via
op signin
Configuration
Section titled “Configuration”URI Format
Section titled “URI Format”onepassword://[account@]vault[/path]onepassword+token://[token@]vault[/path]account: Optional account shorthandvault: Target vault name (defaults to “Private”)token: Service account tokenpath: Reserved for future use
Examples
Section titled “Examples”# Use specific vault$ secretspec set API_KEY --provider onepassword://Production
# Use specific account and vault$ secretspec set DATABASE_URL --provider "onepassword://work@DevVault"
# Use service account token$ secretspec set SECRET --provider "onepassword+token://ops_token123@Production"
# Default vault (Private)$ secretspec set KEY --provider onepassword://Basic Commands
Section titled “Basic Commands”# Set a secret$ secretspec set DATABASE_URLEnter value for DATABASE_URL: postgresql://localhost/mydb✓ Secret DATABASE_URL saved to OnePassword
# Get a secret$ secretspec get DATABASE_URL
# Run with secrets$ secretspec run -- npm startProfile Configuration
Section titled “Profile Configuration”[development]provider = "onepassword://Development"
[production]provider = "onepassword://Production"CI/CD with Service Accounts
Section titled “CI/CD with Service Accounts”# Set token$ export OP_SERVICE_ACCOUNT_TOKEN="ops_eyJ..."
# Run command$ secretspec run --provider onepassword://Production -- deploy