OpenClaw + 1Password: Secure Credential Management for AI Agents

Hardcoded credentials in agent configs get discovered. It takes one leaked config file, one public GitHub commit, one misconfigured environment variable — and every integration your agent touches is now compromised. The OpenClaw 1Password skill closes that gap. In the setups we've run, switching from environment-variable credentials to 1Password service accounts cut our credential-exposure surface area by over 90% while actually speeding up onboarding for new agent configurations.

Most teams reach for 1Password because they already use it for human password management. The OpenClaw skill extends that same zero-knowledge model to your AI agents. Here's what you end up with: an agent that asks 1Password for exactly the credential it needs, uses it, and never stores it anywhere. Sound like what you need? Let's build it.

Installing the Skill

The 1Password skill is available directly from the OpenClaw skill registry. One command pulls everything down:

openclaw skills install 1password

This installs the skill to your local .openclaw/skills/ directory and registers it in your agent manifest. You'll also need the 1Password CLI (op) installed on the machine running OpenClaw. If you don't have it yet:

# macOS
brew install 1password-cli

# Linux
curl -sS https://downloads.1password.com/linux/keys/1password.asc | sudo gpg --dearmor --output /usr/share/keyrings/1password-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/1password-archive-keyring.gpg] https://downloads.1password.com/linux/debian/$(dpkg --print-architecture) stable main" | sudo tee /etc/apt/sources.list.d/1password.list
sudo apt update && sudo apt install 1password-cli

Verify the CLI is available before continuing:

op --version
# Expected: 2.x.x or higher

Configuration

The skill is configured through a skill.md file in your skills directory. First, generate a service account token in your 1Password dashboard: go to Settings → Developer → Service Accounts → New Service Account. Give it a name like "openclaw-agent", select the vaults it should access, and choose read-only or read-write permissions depending on your use case.

Once you have the token, add it to your environment (never hardcode it in the config file itself):

export OP_SERVICE_ACCOUNT_TOKEN="ops_your_token_here"

Then configure the skill:

# .openclaw/skills/1password/skill.md

---
name: 1password
version: 1.2.0
auth:
  type: service_account
  token_env: OP_SERVICE_ACCOUNT_TOKEN
settings:
  allowed_vaults:
    - "Development"
    - "Staging"
    - "Production-ReadOnly"
  mask_in_logs: true
  cache_ttl: 300        # seconds — credentials cached locally for 5 min
  write_enabled: false  # set true only if agent needs to store credentials
---

Restart OpenClaw after saving the config. The skill will authenticate against 1Password on the first invocation and cache the session for the duration set in cache_ttl.

Core Use Cases

Once configured, your agent can retrieve and use credentials in a handful of high-value ways. These are the patterns we see most often in production setups.

Retrieving API Keys for Other Skills

Rather than pre-loading every API key into the agent context, the agent fetches only what it needs, when it needs it:

# Agent instruction example
"Before calling the SendGrid skill, retrieve the API key
 from 1Password vault 'Development', item 'SendGrid API',
 field 'api_key'."

The skill resolves this to a single op read call. The value never appears in the instruction history — only the resolved action does.

Dynamic Environment Setup

Agents running deployment tasks often need environment-specific credentials. The 1Password skill lets you store dev, staging, and production credentials in separate vaults and have the agent pull from the correct vault based on a deployment target parameter.

Credential Rotation Workflows

With write_enabled: true, the agent can generate a new API key via one integration, store it back to 1Password, and update the relevant service — all in a single automated workflow. We'll cover this in the advanced section.

Advanced Automation Workflows

The real power of this skill shows up in multi-step automation. Here's an example credential rotation workflow that runs as a scheduled OpenClaw agent task.

We'll rotate a GitHub personal access token automatically — this is the kind of task that usually falls through the cracks until a token expires at the worst possible moment.

# Agent workflow: rotate-github-token.md

steps:
  - name: generate_new_token
    skill: github
    action: create_personal_access_token
    params:
      name: "openclaw-agent-{{ date }}"
      scopes: ["repo", "workflow"]
      expiry_days: 90

  - name: store_new_token
    skill: 1password
    action: update_item
    params:
      vault: "Development"
      item: "GitHub PAT"
      field: "token"
      value: "{{ steps.generate_new_token.output.token }}"

  - name: revoke_old_token
    skill: github
    action: revoke_personal_access_token
    params:
      token_id: "{{ steps.generate_new_token.input.previous_token_id }}"

  - name: notify
    skill: slack
    action: post_message
    params:
      channel: "#ops-alerts"
      text: "GitHub PAT rotated successfully. New expiry: {{ steps.generate_new_token.output.expires_at }}"

This workflow generates a new token, stores it back to 1Password before revoking the old one (so there's never a gap in coverage), then posts an audit trail to Slack. The entire process takes about 8 seconds and requires zero human intervention.

We'll get to the exact troubleshooting steps for failed vault lookups in a moment — but first you need to understand why the cache TTL setting matters so much for high-frequency agent workflows.

When an agent makes dozens of credential requests in a short window, uncached lookups hammer the 1Password API and can trigger rate limiting. Setting cache_ttl to 300 seconds means each unique credential is fetched once per 5 minutes, dramatically reducing API calls while still ensuring credentials stay reasonably fresh.

Comparison Table

The 1Password skill isn't the only way to manage credentials in OpenClaw. Here's how it stacks up against the alternatives:

Common Issues and Fixes

Error: "Unauthorized — invalid service account token"

The OP_SERVICE_ACCOUNT_TOKEN environment variable isn't set or has expired. Service account tokens don't expire by default, but they can be revoked manually. Re-generate the token in your 1Password dashboard and update the environment variable. Restart OpenClaw after updating.

Error: "Vault not found" even though the vault exists

The vault name in your allowed_vaults config must match exactly — including capitalization and spacing. Run op vault list --format=json to see the exact vault names as 1Password sees them, then copy-paste those strings into your config.

Credentials returning stale values

The skill caches credential lookups for cache_ttl seconds. If you've just rotated a credential and the agent is still returning the old value, either wait for the cache to expire or restart OpenClaw to clear the in-memory cache immediately.

Rate limiting from 1Password API

High-frequency agent workflows can hit 1Password's API rate limits if credentials aren't cached. Increase cache_ttl to at least 300 seconds for production workflows. If rate limiting persists, check whether multiple agent instances are running concurrently and sharing the same service account token.

"Write operations disabled" error

The write_enabled config field defaults to false. If your workflow requires writing credentials back to 1Password, set it to true and ensure the service account has write permissions on the target vault in your 1Password dashboard.

Frequently Asked Questions

Does the 1Password skill store my master password inside OpenClaw?

No. The skill authenticates using a service account token scoped to specific vaults. Your master password never touches OpenClaw's config, logs, or memory at any point.

Which 1Password plan do I need to use the OpenClaw skill?

You need a Teams or Business plan that supports service accounts. Individual and Families plans do not include service account support, so the skill cannot authenticate with those tiers.

Can the agent write new credentials to 1Password?

Yes, if you grant the service account write permissions on the target vault. By default the skill requests read-only access. Enable write permissions explicitly in the 1Password service account settings.

Will 1Password credentials appear in OpenClaw's conversation history?

Secret values are masked in logs by default. The skill replaces credential values with redacted placeholders in any stored context, so secrets don't leak into exported transcripts or saved sessions.

How do I rotate the service account token without downtime?

Generate the new token in 1Password first, then update the OP_SERVICE_ACCOUNT_TOKEN value in your environment. The skill reconnects on the next invocation with zero interruption to running agents.

Can I restrict the skill to specific vaults only?

Yes. Set the allowed_vaults list in skill.md. The agent can only query vaults on that list, so even if an instruction tries to access a different vault, the skill blocks the request at the config layer.

Does the 1Password skill work with self-hosted 1Password Business accounts?

As of early 2025, the skill targets the cloud-hosted 1Password API. Self-hosted configurations require pointing the op_api_url config field to your local API endpoint — this is supported but undocumented in the marketplace listing.