op-mcp

Willbots/op-mcp

3.2

If you are the rightful owner of op-mcp and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to dayong@mcphub.com.

1Password MCP Server provides secure and universal credential management through Model Context Protocol (MCP) with integration into 1Password.

Tools
4
Resources
0
Prompts
0

1Password MCP Server

Universal credential management via Model Context Protocol (MCP) with 1Password integration.

Features

  • Secure Credential Retrieval: Fetch credentials from 1Password without exposing passwords to AI context
  • Universal Filling: Works across browsers, terminals, and desktop applications
  • Multiple Input Methods:
    • Clipboard copy (with auto-clear)
    • Keyboard automation (types directly into focused fields)
    • Integration with other MCP servers (e.g., Kapture for browser forms)
  • Zero Password Exposure: Passwords never appear in MCP responses or logs

Architecture

┌─────────────┐     ┌──────────────────┐     ┌─────────────┐
│ MCP Client  │────▶│  1Password MCP   │────▶│  1Password  │
│  (Claude)   │     │     Server       │     │     API     │
└─────────────┘     └──────────────────┘     └─────────────┘
                            │
                            ├─→ Clipboard (temp copy)
                            ├─→ Keyboard (direct type)
                            └─→ Other MCP Servers

Installation

cd op-mcp
npm install
npm run build

Prerequisites

1Password Setup

You need a 1Password Service Account token:

  1. Sign in to your 1Password account
  2. Go to Settings → Developer → Service Accounts
  3. Create a new service account
  4. Copy the token (starts with ops_)
  5. Set environment variable:
export OP_SERVICE_ACCOUNT_TOKEN="ops_your_token_here"

For persistent setup, add to your shell profile:

# ~/.zshrc or ~/.bashrc
export OP_SERVICE_ACCOUNT_TOKEN="ops_your_token_here"

Platform-Specific Dependencies

macOS: No additional dependencies (uses AppleScript)

Windows: PowerShell (included with Windows)

Linux:

# For clipboard operations
sudo apt install xclip xsel

# For keyboard automation
sudo apt install xdotool
# OR for Wayland
sudo apt install ydotool

Usage with Claude Desktop

Add to your Claude Desktop configuration:

{
  "mcpServers": {
    "1password": {
      "command": "node",
      "args": ["/path/to/op-mcp/dist/index.js"],
      "env": {
        "OP_SERVICE_ACCOUNT_TOKEN": "ops_your_token_here"
      }
    }
  }
}

Config file locations:

  • macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
  • Windows: %APPDATA%\Claude\claude_desktop_config.json
  • Linux: ~/.config/Claude/claude_desktop_config.json

Available Tools

get_credential

Get username from 1Password item. Password is not returned to maintain security.

Parameters:

  • itemId (required): 1Password item ID or title
  • vault (optional): Vault name

Example:

{
  "itemId": "GitHub Login",
  "vault": "Work"
}

Response:

{
  "username": "user@example.com",
  "itemId": "abc123",
  "title": "GitHub Login",
  "vault": "Work"
}

copy_password

Copy password to clipboard temporarily with auto-clear.

Parameters:

  • itemId (required): 1Password item ID or title
  • vault (optional): Vault name
  • clearAfter (optional): Seconds before auto-clearing (default: 10)

Example:

{
  "itemId": "GitHub Login",
  "clearAfter": 15
}

Response:

{
  "success": true,
  "message": "Password copied to clipboard. Will auto-clear in 15 seconds.",
  "itemTitle": "GitHub Login"
}

type_credential

Type username/password into currently focused field using keyboard automation.

Parameters:

  • itemId (required): 1Password item ID or title
  • vault (optional): Vault name
  • field (optional): Which field to type - username, password, or both (default: both)
  • delay (optional): Delay between keystrokes in milliseconds (default: 50)

Example:

{
  "itemId": "GitHub Login",
  "field": "both",
  "delay": 50
}

Response:

{
  "success": true,
  "message": "Typed username and password for \"GitHub Login\"",
  "itemTitle": "GitHub Login"
}

Note: When field: "both", types username, presses Tab, then types password.

list_items

List available 1Password items (titles and IDs only, not credentials).

Parameters:

  • vault (optional): Filter by vault name
  • category (optional): Filter by category (login, password, etc.)

Example:

{
  "vault": "Work",
  "category": "login"
}

Response:

{
  "count": 5,
  "items": [
    {
      "id": "abc123",
      "title": "GitHub Login",
      "vault": "Work",
      "category": "login"
    },
    ...
  ]
}

Use Cases

Browser Form Filling

User: "Fill in my GitHub login on this page"

Claude:
1. Calls list_items to find "GitHub" items
2. Calls type_credential with GitHub item
3. Types username, presses Tab, types password

Terminal Authentication

User: "SSH into production server"

Claude:
1. Calls get_credential for "Production SSH"
2. Runs ssh command via Desktop Commander
3. Calls type_credential when prompted for password

Integration with Kapture

For precise browser form filling, combine with Kapture:

User: "Log into my bank account"

Claude:
1. Calls 1password get_credential for "Bank Login"
2. Calls Kapture fill tool with username selector
3. Calls 1password type_credential with field: "password"
4. Calls Kapture click tool on submit button

Security Features

Password Never Exposed: Passwords never appear in MCP responses ✅ Clipboard Auto-Clear: Temporary clipboard copy with auto-wipe ✅ Audit Trail: All credential access is logged (item names only) ✅ Service Account Tokens: No master password exposure ✅ Keyboard Direct Injection: Types directly without clipboard

Development

# Install dependencies
npm install

# Development mode (hot reload)
npm run dev

# Build
npm run build

# Run built version
npm start

Project Structure

op-mcp/
├── src/
│   ├── index.ts              # MCP server main entry
│   ├── credential-manager.ts # 1Password SDK integration
│   ├── clipboard.ts          # Clipboard operations
│   └── keyboard.ts           # Keyboard automation
├── dist/                     # Compiled output
├── package.json
├── tsconfig.json
└── README.md

Troubleshooting

"Failed to initialize 1Password SDK"

Make sure OP_SERVICE_ACCOUNT_TOKEN environment variable is set:

echo $OP_SERVICE_ACCOUNT_TOKEN

Should output your token starting with ops_.

"Item not found"

  • Verify item exists in 1Password
  • Check vault access permissions
  • Try using exact item ID instead of title

Clipboard operations fail on Linux

Install required dependencies:

sudo apt install xclip xsel

Keyboard automation fails on Linux (Wayland)

Install ydotool for Wayland support:

sudo apt install ydotool

Roadmap

  • Support for TOTP/2FA codes
  • Browser extension integration
  • Field-specific credential filling
  • Credential strength checking
  • Password generation
  • Multi-factor authentication

License

MIT

Contributing

This is part of the Kapture project ecosystem. For contributions, please follow the main project guidelines.

Related Projects

Note: This server requires a 1Password Service Account. Individual/Family accounts need the Teams or Business plan for service account access.