1Password Python SDK

Warnings

• breaking The SDK is currently in version 0.x, which means breaking changes are possible between minor versions (e.g., 0.1.x to 0.2.0). Review release notes carefully when upgrading to a new minor version.
  Fix: Consult the official release notes and migration guides for each minor version upgrade to adapt your code. Patch releases (0.x.y to 0.x.z) should not contain breaking changes.
• gotcha On Linux, the SDK requires `libssl 3` and `glibc 2.32` or later. Older distributions (e.g., Debian 11, Ubuntu 20.04) running `libssl 1.1.1` will encounter errors.
  Fix: Update your Linux distribution to a newer version or manually install the required `libssl 3` and `glibc 2.32` dependencies.
• gotcha There are two distinct Python SDKs for 1Password: `onepassword-sdk` (for direct 1Password account interaction) and `onepasswordconnectsdk` (for self-hosted 1Password Connect servers). Using the wrong SDK for your deployment method will lead to connection or authentication failures.
  Fix: Ensure you install `onepassword-sdk` for direct account access (desktop app or service account authentication) or `onepasswordconnectsdk` if you are using a 1Password Connect server.
• gotcha The SDK supports two primary authentication methods: 1Password desktop app (for local, human-in-the-loop) and 1Password Service Accounts (for automated access). Each requires specific setup and configuration.
  Fix: Choose the appropriate authentication method for your use case and follow the official documentation for setup, including creating a Service Account token or enabling desktop app integration in 1Password settings.

Install

• pip install onepassword-sdk Install stable version

Imports

• Client

  from onepassword.client import Client

  Primary client class for interacting with the 1Password API.
• DesktopAuth

  from onepassword.client import Client, DesktopAuth

  Used for authenticating via the 1Password desktop application.

Quickstart

This quickstart demonstrates how to authenticate with the 1Password SDK using a Service Account token provided via an environment variable (`OP_SERVICE_ACCOUNT_TOKEN`). It then shows how to resolve a secret using a 1Password secret reference and how to list available vaults. Remember to replace placeholder values like 'op://MyVault/MyLoginItem/password' and ensure your service account has the necessary permissions.

import asyncio
import os
from onepassword.client import Client
from onepassword.models import FieldPurpose

async def main():
    # Authenticate using a 1Password Service Account token from environment variable
    token = os.environ.get("OP_SERVICE_ACCOUNT_TOKEN")
    if not token:
        print("Error: OP_SERVICE_ACCOUNT_TOKEN environment variable not set.")
        return

    # Connect to 1Password with your integration details
    client = await Client.authenticate(
        auth=token,
        integration_name="My Test Integration",
        integration_version="v1.0.0",
    )

    # Example: Retrieve a secret using a secret reference
    # Replace 'op://vault/item/field' with your actual secret reference URI
    try:
        secret_value = await client.secrets.resolve("op://MyVault/MyLoginItem/password")
        print(f"Retrieved secret: {secret_value}")

        # Example: List vaults (requires appropriate permissions)
        vaults = await client.vaults.list()
        print(f"Found {len(vaults)} vaults:")
        for vault in vaults:
            print(f"- {vault.name} (ID: {vault.id})")

    except Exception as e:
        print(f"An error occurred: {e}")
    finally:
        # Ensure the client connection is closed (if applicable, though often handled internally)
        pass

if __name__ == '__main__':
    asyncio.run(main())