OneQuery

Developer workflow connector

1Password connector for governed AI agent access

Connect 1Password through a self-hosted Connect Server API endpoint.

API
Setup docs All connectors

Direct answer

OneQuery supports 1Password for governed agent access.

Teams use the 1Password connector to give AI agents bounded source API calls for endpoint-specific context while OneQuery keeps credentials centralized, limits access to approved sources, and preserves audit logs for review.

Agent workflow

What this connector enables

1Password becomes an approved OneQuery source instead of a secret copied into an agent prompt, shell session, or model tool. The agent receives a governed access path, and the source credentials stay behind OneQuery.

  • Use bounded source API calls for endpoint-specific context for developer workflow context.
  • Keep 1Password credentials centralized and out of agent runtimes.
  • Review agent access through OneQuery audit history instead of reconstructing direct service usage.

Setup checklist

Prepare the 1Password connection

Use onepassword credentials and connect the source through the Dashboard and CLI. Keep credentials scoped to the data the agent is allowed to read.

  1. Deploy or choose the 1Password Connect Server that can read the target vaults.
  2. Create a Connect access token scoped to the vaults and items OneQuery should inspect.
  3. Set `credentials.apiBaseUrl` to the Connect Server origin, for example `https://connect.example.com`.
  4. Source API calls are read-only; use selectors such as `/v1/vaults` and `/v1/vaults/{vaultUUID}/items`.

FAQ

1Password connector questions

What is the OneQuery 1Password connector?

The OneQuery 1Password connector makes developer workflow context from 1Password available to AI agents through bounded source API calls for endpoint-specific context. Connect 1Password through a self-hosted Connect Server API endpoint.

How do AI agents access 1Password through OneQuery?

Agents call OneQuery instead of receiving raw 1Password credentials. OneQuery keeps credentials centralized, applies source boundaries, and records access in audit logs while exposing bounded source API calls for endpoint-specific context.

How do I set up the 1Password connector?

Prepare onepassword credentials and connect 1Password from the OneQuery dashboard or CLI. Start with this setup step: Deploy or choose the 1Password Connect Server that can read the target vaults.

Related connectors

GitHub Connect GitHub with a fine-grained personal access token and optional repository or installation scoping. Discord Connect Discord with a bot token or OAuth bearer token for Discord REST API access. Confluence Connect Confluence Cloud with an Atlassian account email and API token.