A focused CLI tool for importing environment variables from 1Password items
Project description
1pass-env
A focused CLI tool for importing environment variables from 1Password items. Quickly and securely import secrets from your 1Password vaults into environment files for your development workflow.
Features
- 🔐 Secure: Import secrets directly from 1Password using the official SDK
- 🚀 Simple: One command to import all your environment variables
- 🎯 Focused: Import exactly what you need with field filtering
- 📁 Smart: Automatically detects project names from folder structure
- 🔄 Safe: Confirms before overwriting existing files
Installation
pip install 1pass-env
Prerequisites
- Python 3.8 or higher
- 1Password service account token
Quick Start
-
Set up your 1Password service account token:
export OP_SERVICE_ACCOUNT_TOKEN="your-service-account-token"
-
Import all fields from a 1Password item:
1pass-env import --name my-app
-
Import specific fields only:
1pass-env import --name my-app --fields API_KEY,DATABASE_URL
-
Use with different vault and custom file:
1pass-env import --vault production-secrets --name my-app --file .env.prod
Command Reference
import
Import environment variables from an existing 1Password item.
1pass-env import [OPTIONS]
Options:
--vault, -v: 1Password vault name to import from (default: 'tokens')--name, -n: Item name in vault (default: current folder name)--fields, -f: Specific fields to import (comma-separated, e.g., API_KEY,SECRET_KEY)--file: Output file name (default: '1pass.env')--debug: Enable debug logging for detailed output
Examples:
# Import all fields from item 'my-app' in 'tokens' vault to '1pass.env'
1pass-env import --name my-app
# Import specific fields only
1pass-env import --name my-app --fields API_KEY,DB_PASSWORD
# Import to a custom file
1pass-env import --name my-app --file .env.production
# Use a different vault
1pass-env import --vault secrets --name my-app
# Enable debug mode to see all details
1pass-env import --name my-app --debug
# Use current folder name as item name (automatic detection)
cd my-awesome-project
1pass-env import # Looks for item named 'my-awesome-project'
How It Works
1pass-env connects to your 1Password vault using the official SDK and imports secrets into standard environment files:
- Authentication: Uses a service account token set via
OP_SERVICE_ACCOUNT_TOKEN - Smart defaults: Uses current folder name as item name if not specified
- Safe merging: Preserves existing variables when importing to existing files
- Field filtering: Import only the secrets you need for specific environments
Example Workflow
# Set up authentication
export OP_SERVICE_ACCOUNT_TOKEN="your-token-here"
# Import all development secrets
1pass-env import --vault dev-secrets --name my-project --file .env.dev
# Import only production API keys
1pass-env import --vault prod-secrets --name my-project --fields API_KEY,JWT_SECRET --file .env.prod
# Use the environment files
source .env.dev && npm start
# or with dotenv in your application
python -m dotenv -f .env.prod run python app.py
Generated File Format
# Environment variables imported from 1Password
# Vault: tokens
# Item: my-app
# Generated by 1pass-env
API_KEY="your-api-key-here"
DATABASE_URL="postgresql://user:pass@localhost/db"
JWT_SECRET="your-jwt-secret"
Configuration
Configure using environment variables:
OP_SERVICE_ACCOUNT_TOKEN: 1Password service account token (required)
Common Use Cases
Development Environment Setup
# Import shared development secrets
1pass-env import --vault dev-team --name shared-services
# Import project-specific secrets
1pass-env import --name my-project
# Override with local development values
echo "DEBUG=true" >> 1pass.env
echo "PORT=3001" >> 1pass.env
Multi-Environment Deployment
# Import environment-specific secrets
1pass-env import --vault dev-secrets --name myapp --file .env.development
1pass-env import --vault staging-secrets --name myapp --file .env.staging
1pass-env import --vault prod-secrets --name myapp --file .env.production
# Use with your deployment process
source .env.production && docker-compose up -d
Development
Setup
git clone https://github.com/himakarreddy/1pass-env.git
cd 1pass-env
pip install -e ".[dev]"
Testing
pytest
Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
License
This project is licensed under the MIT License - see the LICENSE file for details.
Acknowledgments
- 1Password SDK for Python for secure secret management
- Click for the CLI framework
- Rich for beautiful terminal output
- python-dotenv for
.envfile handling
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file 1pass_env-0.1.0.tar.gz.
File metadata
- Download URL: 1pass_env-0.1.0.tar.gz
- Upload date:
- Size: 102.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e8d05ae5153e198ad430a4c72d741752ef643da98210eab55103deb567180b2c
|
|
| MD5 |
a5c53ed6d361544eb960fe481aaf4b9b
|
|
| BLAKE2b-256 |
bae62d460648e19db7328d727d505c0e30ebff72bdd78af52f3160f7800a3a09
|
File details
Details for the file 1pass_env-0.1.0-py3-none-any.whl.
File metadata
- Download URL: 1pass_env-0.1.0-py3-none-any.whl
- Upload date:
- Size: 16.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
135e47988e30ac6ea7c73bed8011f8e178c9c317523d6eb17fa8287cc35e4525
|
|
| MD5 |
7d0de63eed84de6195e39ab7cbb67ca1
|
|
| BLAKE2b-256 |
0408208e6c5e80f1458733823deaeaac86ce5f59a4c2f1f6a7117850293a5355
|
