Skip to main content
Connect 1Password to automatically use credentials from your existing vaults with Managed Auth. No need to manually create credentials in Kernel—1Password items are discovered by domain matching.

How It Works

  1. Connect a service account — Add your 1Password service account token in the dashboard
  2. Domain matching — When Managed Auth needs credentials, it searches your connected vaults for items matching the target domain
  3. Automatic fill — Credentials (including TOTP secrets) are used to complete authentication
Credentials are retrieved securely at authentication time. Values are never stored in Kernel—they remain in 1Password.

Setup

1

Create a 1Password Service Account

Create a service account in 1Password with access to the vaults containing your login credentials.Copy the service account token (starts with ops_).
2

Connect in Kernel Dashboard

Go to Integrations in the Kernel dashboard and click Connect 1Password.Give your provider a name (e.g., my-1p) and paste your service account token. Kernel will validate the connection and show which vaults are accessible.You can connect multiple 1Password accounts with different names.
3

Use with Managed Auth

Reference your 1Password provider in the credential object. You can either specify an explicit item path or use auto-lookup by domain.

Path Format

When using explicit paths, specify VaultName/ItemName:
Vault and item names containing forward slashes (/) are not supported. Rename items in 1Password if needed.

Domain Matching

1Password items are matched by their website/URL field: If multiple items match a domain, the first match is used. Organize your vaults to ensure the correct credentials are selected.

TOTP Support

If your 1Password item has a one-time password (TOTP) field configured, it will be used automatically for 2FA—no additional setup needed.

Credential Options

The credential object supports multiple sources: If no credential is specified, the flow will wait for manual input.

Security