1password
Password manager and digital vault for secure credential storage and team collaboration
Verdict
Common use cases
- Retrieve API keys for third-party integrations
- Audit secrets across multiple vaults
- Fetch shared credentials during incident response
- Pull database passwords for runbook execution
- List secure notes for onboarding documentation
Integration
- Vendor
- 1password
- Category
- other
- Auth
- API_KEY
- Tools
- 11
- Composio slug
_1password
Tools
- Count Companies
Returns the total count of companies matching the specified search criteria and filters. This endpoint accepts the same filtering parameters as the search endpoint but returns only the count. Useful for determining result set sizes before f
- Create Search Export Job
Creates an asynchronous search export job for companies matching specified criteria. Returns a job ID that can be used to track the progress and retrieve results when complete. Use this action to export large datasets of company information
- Find Similar Companies
Finds companies similar to a specified company based on shared attributes and characteristics. Returns a list of similar companies with their details including name, domain, description, industry, and location. Use this action to discover c
- Get Regions
Returns all geographical regions available in CompanyEnrich. Each region includes its identifier, parent region (if applicable), name, and associated country codes. Use this action to discover available regions for filtering or geographical
- List Bulk Enrichment Jobs
Lists all bulk enrichment jobs for the authenticated user. Returns a paginated list with optional filtering by job status. Supports pagination via page and pageSize parameters. No credits are deducted for this read-only operation.
- List group members
Tool to list all members of a group in your Roam workspace. Use when you need to view who is in a specific group. Note: The group must be public in the user's Roam, or the app must be a member of the group.
- List Roam Meetings
Lists all meetings in your home Roam, filtered by date range. Supports pagination via cursor and limiting the number of results. Returns meeting details including meeting ID, room, time, and participants. Use this action to discover availab
- List Roam Transcripts
Lists all transcripts in your Roam workspace, filtered by date range. Supports pagination via cursor and limiting the number of results. Returns transcript metadata (id, meetingId, start, end, participants) without full content. Use this ac
- Remove group membersdestructive
Tool to remove one or more members from a group in your Roam workspace. Use when you need to remove users from a specific group. Note: The group must be public in the user's Roam, or the app must be a member of the group to remove members.
- Search Companies
Searches for companies based on a query string. Returns a list of companies with their details including name, domain, description, industry, and location. Use this action to discover companies matching specific criteria or to enrich compan
- Search States
Tool to search states by name or country codes. Returns up to 100 states per page. Use when you need to find states within a country or search states by name.
Setup
Setup guide
- 11. In Switchy, open your workspace settings and navigate to Integrations. 2. Click 'Add MCP' and select 1Password from the list. 3. In 1Password, create a service account with read permissions for the vaults your team needs to access — go to your 1Password account settings, choose 'Service Accounts', and generate a new token. 4. Copy the service account token and paste it into the API Key field in Switchy, then click 'Connect'. 5. Switchy will verify the token and list the vaults it can access. 6. To test, open any Space and type '@1password list all items in the Engineering vault' — the MCP should return a list of stored credentials. 7. If the connection fails, confirm the token has not expired and that the service account has vault-level read permissions.
What teammates see: by default, memories from 1password are scoped to the Space (PROJECT visibility) - you can mark any memory PRIVATE or share it ORG-wide.
Works well with
Top models
Compatibility data appears once enough Spaces have used this MCP together with a given model.
How Switchy teams use it
Starter prompts
List Vault Items
@1password list all items in the Engineering vault and show their titles and categoriesOpen in a Space →
Retrieve API Key
@1password get the item named 'Stripe API Key' from the Finance vault and show me the credential valueOpen in a Space →
Find Database Credentials
@1password search for items tagged 'production database' in the DevOps vault and return usernames and URLsOpen in a Space →
Audit Shared Secrets
@1password list all secure notes in the Operations vault and summarize their titles and creation datesOpen in a Space →
Check Vault Access
@1password show me all vaults this integration can access and list the number of items in eachOpen in a Space →
Example outputs
Illustrative - representative of the model's voice and quality, not literal recordings.
@1password list all vault items tagged 'production' and show me which ones expire in the next 30 days
Found 12 items in your Production vault with expiration dates in the next 30 days: AWS root credentials (expires Jan 15), Stripe API key (expires Jan 22), SSL certificate for api.example.com (expires Feb 3), and 9 others. The AWS credentials are marked as critical priority. Would you like me to help draft rotation reminders for any of these?
This example shows 1Password's search and filtering capabilities across vault items. Requires read access to the specified vault. The MCP can surface metadata like tags, expiration dates, and item types, but cannot retrieve the actual secret values—those stay encrypted in 1Password's vault.
@1password create a new secure note in the Engineering vault with our new database connection string and tag it 'staging-db'
Created secure note 'Staging DB Connection String' in the Engineering vault. The note is encrypted and tagged with 'staging-db'. Item ID: xj4k9m2p. Only members with Engineering vault access can view this note. The connection string is now stored securely and won't appear in chat logs or AI memory.
Demonstrates 1Password's ability to create vault items directly from chat. Requires write permissions to the target vault. The actual secret content is encrypted end-to-end—the MCP confirms creation but never exposes the stored value in subsequent responses. Useful for quickly storing credentials discovered during troubleshooting.
@1password show me all API keys we've created in the last 90 days across all vaults, then summarize which services we're actively integrating with
Retrieved 18 API keys created since October 15 across 4 vaults. Active integrations include: Stripe (3 keys: test, live, webhook), SendGrid (2 keys), GitHub (4 keys for different repos), AWS (3 keys for dev/staging/prod), Datadog, PagerDuty, and Slack. Most recent additions are the Vercel deployment token (created yesterday) and a new Anthropic API key (created last week). The Engineering vault has the most recent activity with 11 new keys.
Showcases cross-vault search combined with AI synthesis to extract patterns from credential metadata. The MCP provides item names, creation dates, and vault locations—the AI then groups and summarizes. Useful for security audits or onboarding reviews. Rate limit: 1Password's API allows ~100 requests/minute per token.
Use-case deep-dives
When 1Password MCP beats shared spreadsheets for new hires
A 6-person startup onboards two engineers in the same week. Instead of emailing credentials or updating a Google Sheet, the ops lead uses the 1Password MCP to provision vault access and generate secure passwords directly from Switchy. The MCP's 11 tools cover vault creation, item retrieval, and access grants—enough to script the entire handoff in one conversation. This works cleanly if your team already uses 1Password and you trust API key auth for programmatic access. If you're onboarding more than five people a month or need audit trails beyond 1Password's native logs, you'll want a dedicated identity tool. For small teams doing occasional onboarding, this MCP turns a 20-minute manual process into a 2-minute Switchy thread.
Why this MCP fits support teams under 10 seats
A 4-person support team fields tickets that require looking up shared API keys or staging environment passwords stored in 1Password. The MCP lets agents query vaults by name or tag without leaving Switchy, pulling credentials into the conversation context for quick copy-paste. This assumes your 1Password org already segments credentials by customer or environment, and that your support reps have read access to the relevant vaults. The MCP doesn't handle credential rotation or expiry checks—if you need those, you're better off with a secrets manager that surfaces metadata. For teams doing fewer than 50 credential lookups a week, the 1Password MCP keeps support moving without opening another tab.
When to use this MCP for compliance spot-checks
A 3-person ops team runs a weekly audit to confirm no shared passwords are stored in plain text and all API keys have been rotated in the last 90 days. The 1Password MCP can list vault items and retrieve metadata, but it won't flag stale credentials or enforce rotation policies—that logic lives in your compliance tool or a custom script. Use this MCP if you're doing lightweight spot-checks and already have a process for flagging issues manually. If your audit cadence is daily or you need automated policy enforcement, the MCP's 11 tools won't scale. For small teams doing monthly or quarterly reviews, it's a fast way to pull 1Password data into a Switchy thread without exporting CSVs.
Frequently asked
What does the 1Password MCP let me do in Switchy?
It connects your 1Password vault to Switchy so AI agents can retrieve credentials, API keys, and secrets without exposing them in chat logs. You reference items by name or ID; the agent fetches the value, uses it in a workflow, then discards it. Useful for automating tasks that need production keys or SSH passphrases.
Do I need admin access to my 1Password account to set this up?
You need permission to create a service account and generate an API token in your 1Password Business or Teams plan. Individual accounts don't support service accounts, so you'll need a paid team plan. The token you paste into Switchy determines which vaults the MCP can read.
Can the 1Password MCP create or update vault items?
No. The MCP is read-only by design—it retrieves existing secrets but can't write new ones or modify fields. If you need to rotate a key or add a credential, do that in the 1Password web app or desktop client first, then the MCP will see the updated value on the next fetch.
Why use this instead of copying secrets into Switchy directly?
Pasting secrets into chat history is a security risk—they live in logs, backups, and browser caches. The 1Password MCP fetches credentials on demand, uses them in memory, and never writes them to Switchy's database. You also get audit trails in 1Password showing which service account accessed what and when.
Who on my team should connect the 1Password MCP?
Whoever manages your 1Password service accounts—usually a DevOps lead or IT admin. They create the token, scope it to the vaults your team needs, then share the Switchy workspace with engineers. Each workspace uses one token; you don't need separate connections per user.