How It Works
- Connect a service account — Add your 1Password service account token in the dashboard
- Domain matching — When Managed Auth needs credentials, it searches your connected vaults for items matching the target domain
- Automatic fill — Credentials (including TOTP secrets) are used to complete authentication
Credentials are retrieved securely at authentication time. Values are never stored in Kernel—they remain in 1Password.
Setup
1
Create a 1Password Service Account
Create a service account in 1Password with access to the vaults containing your login credentials.Copy the service account token (starts with
ops_).2
Connect in Kernel Dashboard
Go to Integrations in the Kernel dashboard and click Connect 1Password.Give your provider a name (e.g.,
my-1p) and paste your service account token. Kernel will validate the connection and show which vaults are accessible.You can connect multiple 1Password accounts with different names.3
Use with Managed Auth
Reference your 1Password provider in the
credential object. You can either specify an explicit item path or use auto-lookup by domain.Path Format
When using explicit paths, specifyVaultName/ItemName:
Domain Matching
1Password items are matched by their website/URL field:
If multiple items match a domain, the first match is used. Organize your vaults to ensure the correct credentials are selected.
TOTP Support
If your 1Password item has a one-time password (TOTP) field configured, it will be used automatically for 2FA—no additional setup needed.Credential Options
Thecredential object supports multiple sources:
If no
credential is specified, the flow will wait for manual input.