--- name: 1password description: > Integrate 1Password secrets management into workflows. Store API keys/credentials, read secrets into scripts or .env, set up references, rotate, manage service accounts. Use when the user says /1password, "get the secret from 1p", "store this in 1password", "rotate the token", or needs 1Password CLI (op) operations. --- # /1password — 1Password Secrets Integration **Grok skill:** Corresponds to the shared command `.claude/commands/1password.md` and the implementation skill in `.claude/skills/1password/`. When this skill is used: - Read the command documentation `.claude/commands/1password.md`. - The actual logic lives in the 1password skill directory (multiple .sh and .md files). - Use `run_terminal_command` with the `op` CLI (1Password service account or biometric as appropriate). - Prefer vault for most MSP creds; 1Password is the fallback / for certain service accounts. - Never hardcode secrets; always use references or the vault wrapper. The skill handles service-account token setup, item creation, field gets, etc. See `.claude/skills/1password/SKILL.md` (the real one) and the command for usage patterns, security notes, and integration with the rest of the harness (e.g. for CI/CD or Docker). This is often used alongside the vault.sh flows.