> ## Documentation Index
> Fetch the complete documentation index at: https://intunedhq.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.
# 1Password
## Overview
By the end of this guide, you'll have an authenticated Intuned project that uses credentials stored securely in 1Password. You'll learn how to:
1. Set up a 1Password account and create a vault for Intuned to access.
2. Set up a 1Password Service Account to access your vault programmatically.
3. Enable and configure 1Password integration in your Intuned project.
4. Create AuthSessions using credentials from 1Password.
## Prerequisites
Before you begin, ensure you have the following:
* An active Intuned account.
* A 1Password account with permissions to create vaults and service accounts.
This guide assumes you have a basic understanding of Intuned Projects and AuthSessions. If you're new to Intuned, start with the [getting started guide](/main/00-getting-started/introduction).
## When to use 1Password integration
When you create an AuthSession, you provide credentials for logging into the target website. Intuned stores these credentials securely to renew the AuthSession when it expires. However:
* You may prefer not to store sensitive credentials directly in Intuned.
* If credentials change frequently, you need to update them manually through Intuned APIs.
* Sharing credentials across Projects or AuthSessions requires duplicating them.
With 1Password integration, you can:
* Keep credentials in 1Password instead of Intuned.
* Fetch the latest credentials automatically when needed.
* Share credentials across Projects and AuthSessions without duplication.
1Password integration only works in deployed environments. During local development (IDE or CLI), use test credentials instead.
## Guide
### 1. Create a 1Password Vault with credentials
1. Open the 1Password app and sign in to your account.
2. Under Vaults, select **+**.
3. Enter name: `intuned-automation-credentials` and optionally a description.
4. Select **Create**.
5. Add a new item:
* Select **Login**
* Name it `example-login`
* Username: `demo@email.com`
* Password: `DemoUser2024!`
1. Go to [1password.com](https://1password.com) and sign in to your account.
2. From your account home page, select **+ New Vault**.
3. Enter name: `intuned-automation-credentials` and optionally a description.
4. Select **Create Vault**.
5. Add a new item to the vault:
* Select **Login**
* Name it `example-login`
* Username: `demo@email.com`
* Password: `DemoUser2024!`
1. Install the latest version of [1Password CLI](https://developer.1password.com/main/cli/get-started/) and sign in to your account.
```bash theme={null}
op signin
```
2. Create a vault:
```bash theme={null}
op vault create "intuned-automation-credentials" --description "Vault for Intuned AuthSession credentials"
```
3. Add item to the vault:
```bash theme={null}
op item create \
--vault='intuned-automation-credentials' \
--title='example-login' \
--category=login \
"username=demo@email.com" \
"password[password]=DemoUser2024!"
```
You now have two 1Password items: `op://intuned-automation-credentials/example-login/username` and `op://intuned-automation-credentials/example-login/password`. You'll use these paths later to reference the credentials in Intuned.
For more details, refer to the official [1Password documentation on creating vaults](https://support.1password.com/create-share-vaults).
### 2. Create a 1Password Service Account
Creating a service account requires admin access to your 1Password account.
1. Open the [1Password service account creation wizard](https://start.1password.com/developer-tools/infrastructure-secrets/serviceaccount/).
2. Follow the instructions:
1. Enter a name for your service account.
2. Choose the vault you created earlier.
3. Make sure you give read access to the vault.
4. Select **Create Account**.
5. (Optional) Select **Save in 1Password** to save the service account token in your 1Password account.
You can later access your service account under **Developer** from your 1Password account home screen.
Copy the service account token and store it securely (preferably in 1Password). You won't be able to view it again.
1. Create a service account and assign it to your vault:
```bash theme={null}
op service-account create "" \
--vault "intuned-automation-credentials:read_items"
```
2. Copy the service account token.
Copy the service account token and store it securely (preferably in 1Password). The 1Password CLI returns it only once.
For more details, refer to the official [1Password documentation on creating service accounts](https://developer.1password.com/main/service-accounts/get-started/).
1Password Service Accounts have rate limits. Intuned reads from the vault only when creating or renewing AuthSessions. Check out [1Password service account rate limits](https://developer.1password.com/main/service-accounts/rate-limits/) for more details.
### 3. Set up 1Password Service Account Token on Intuned
Set up your 1Password Service Account token as a Workspace Environment Variable:
1. Go to [**Workspace Settings** > **Environment Variables**](https://app.intuned.io/settings/env-vars).
2. Create a new variable with:
* Key: `OP_SERVICE_ACCOUNT_TOKEN`
* Value: Your 1Password Service Account token from step 2.
* Environments: Deployed only.
You can set up the token as a Project Environment Variable if you do not want to share the 1Password Service Account across Projects. Check out [Project-level environment variables](/main/02-features/environment-variables-secrets#project-level-environment-variables) for more details.
For security reasons, `OP_SERVICE_ACCOUNT_TOKEN` will not be exposed to your automation code. If you want to use the 1Password SDK in your code, use a different environment variable key at your own risk.
### 4. Create a Project with AuthSessions and 1Password integration enabled
For this guide, we use the **Book consultations authenticated quickstart project** which is the `rpa-auth-example` template. Follow the [quickstart guide](/main/00-getting-started/quickstarts/auth-rpa) to create it. You should now have a project named `book-consultations-authenticated-quickstart`.
Let's enable 1Password integration for the Project and deploy it.
Open your project in the IDE. From **Files**, select **Intuned.json**, then enable 1Password integration. Optionally add an integration name and version.
In your local project folder, open your Intuned settings file and enable 1Password integration. Optionally add an integration name and version.
```jsonc Intuned.jsonc theme={null}
{
// rest of settings
"integrations": { // [!code ++:7]
"onepassword": {
"enabled": true,
"integrationName": "",
"integrationVersion": ""
}
}
}
```
```jsonc Intuned.json theme={null}
{
// rest of settings
"integrations": { // [!code ++:7]
"onepassword": {
"enabled": true,
"integrationName": "",
"integrationVersion": ""
}
}
}
```
```yaml Intuned.yaml theme={null}
# rest of settings
integrations: // [!code ++:5]
onepassword:
enabled: true
integrationName: ""
integrationVersion: ""
```
```toml Intuned.toml theme={null}
# rest of settings
[integrations.onepassword] // [!code ++:4]
enabled = true
integrationName = ""
integrationVersion = ""
```
The `integrationName` and `integrationVersion` fields are optional identifiers used by the 1Password SDK for tracking.
**Deploy your project** for the changes to take effect.
### 5. Create an AuthSession using 1Password credentials
```typescript Typescript theme={null}
await intuned.projects.authSessions.create.start(
"book-consultations-authenticated-quickstart",
{
id: "1password-example",
parameters: {
"username": "op://intuned-automation-credentials/example-login/username",
"password": "op://intuned-automation-credentials/example-login/password"
}
},
);
```
```python Python theme={null}
from intuned_client import models
intuned.projects.auth_sessions.create.start(
project_name="book-consultations-authenticated-quickstart",
body=models.AuthSessionsCreateStartRequestBody(
id="1password-example",
parameters={
"username": "op://intuned-automation-credentials/example-login/username",
"password": "op://intuned-automation-credentials/example-login/password"
}
)
)
```
From **your project** > **AuthSessions**, select **+ Session**. Let's name it `1password-example`. When you enter the parameters, enter the 1Password credential path instead of the actual credentials.
```json JSON theme={null}
{
"username": "op://intuned-automation-credentials/example-login/username",
"password": "op://intuned-automation-credentials/example-login/password"
}
```
```yaml YAML theme={null}
username: op://intuned-automation-credentials/example-login/username
password: op://intuned-automation-credentials/example-login/password
```
Intuned will securely fetch the credentials from 1Password and pass them to your `auth-sessions/create` function to create the AuthSession.
### 6. Use the AuthSession in your API
```typescript Typescript theme={null}
await intuned.projects.runs.start(
projectName,
{
api: "book-consultations",
parameters: {
name: "Foo Bar",
email: "foo@bar.com",
phone: "1234567890",
date: "2026-11-19",
time: "10:00 AM",
topic: "other"
},
authSession: {
id: "1password-example",
},
}
);
```
```python Python theme={null}
from intuned_client import models
intuned.projects.runs.start(
project_name=project_name,
body=models.RunStartRequestBody(
api="book-consultations",
parameters={
"name": "Foo Bar",
"email": "foo@bar.com",
"phone": "1234567890",
"date": "2026-11-19",
"time": "10:00 AM",
"topic": "other"
},
auth_session={
"id": "1password-example"
},
),
)
```
From the dashboard, go to **your project** > **Runs** > **Start Run**. Select `book-consultations`, enter the parameters:
```json theme={null}
{
"name": "Foo Bar",
"email": "foo@bar.com",
"phone": "1234567890",
"date": "2026-11-19",
"time": "10:00 AM",
"topic": "other"
}
```
Select the AuthSession `1password-example` you created earlier. Select **Start Run**.
## Related resources
Step-by-step guide to creating your first authenticated RPA project
Learn more about AuthSessions in Intuned