Skip to main content

fsspec filesystem implementation for 1Password entries via the op CLI.

Project description

fsspec-1password

An fsspec filesystem implementation for 1Password entries, backed by the 1Password CLI (op).

Overview

fsspec-1password lets you read individual 1Password field values through the op:// protocol. Any tool or library that speaks fsspec can transparently read secret values straight from 1Password – no files on disk, no environment variable juggling.

Scope: Only full op://Vault/Item/Field or op://Vault/Item/Section/Field URIs are supported. Accessing op://, op://Vault, or op://Vault/Item raises a PermissionError – this library is designed to read specific secrets, not to browse entire accounts or vaults.

Caching and sign-out

When a field is first read, the entire op://Vault/Item is fetched in a single op item get call and all its fields are cached in memory. op signout is then called immediately. This means:

  • Each item access triggers exactly one user authorisation prompt.
  • Subsequent reads of any field from the same item are served from the cache – no further op calls, no additional prompts.
  • Accessing a field from a different item requires a new authorisation.

Requirements

If op is not in PATH a clear RuntimeError is raised immediately:

RuntimeError: The '1Password CLI' executable 'op' was not found in PATH.
Please install it from https://developer.1password.com/docs/cli/get-started/
and make sure it is available in your PATH before using the op:// protocol.

Installation

pip install fsspec-1password

Quick start

Direct usage

import fsspec_1password  # registers the op:// protocol with fsspec

fs = fsspec_1password.OnePasswordFileSystem()

# Read a field value (triggers op authorisation the first time)
secret = fs.cat_file("op://Personal/GitHub/password")
# b's3cr3t'

# Reading another field from the same item uses the cache – no extra prompt
username = fs.cat_file("op://Personal/GitHub/username")
# b'alice'

with fs.open("op://Personal/GitHub/password") as f:
    secret = f.read()
# b's3cr3t'

Via fsspec

import fsspec

with fsspec.open("op://Personal/GitHub/password") as f:
    secret = f.read()

Use with other libraries

Any library that accepts an fsspec-compatible path works out of the box:

import pandas as pd

# Read a CSV stored as a 1Password secure note
df = pd.read_csv("op://Work/MySecretCSV/content", storage_options={})

Authentication

Authentication is handled entirely by the op CLI. Depending on your setup this may be:

  • Biometric (Touch ID / Windows Hello) – automatic after initial sign-in.
  • Session token – set OP_SESSION_<account> in the environment.
  • Service-account token – set OP_SERVICE_ACCOUNT_TOKEN in the environment.

Refer to the 1Password CLI documentation for full details.

Development

git clone https://github.com/mauvilsa/fsspec-1password
cd fsspec-1password
python -m venv venv
source venv/bin/activate
pip install -e ".[dev]"

# Run tests (no real op executable required)
pytest

# Run with coverage
pytest --cov --cov-report=html

Running pre-commit hooks

pre-commit install
pre-commit run --all-files

Bumping the version

bump2version patch   # or minor / major

License

MIT – see LICENSE.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

fsspec_1password-0.3.0.tar.gz (7.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

fsspec_1password-0.3.0-py3-none-any.whl (8.3 kB view details)

Uploaded Python 3

File details

Details for the file fsspec_1password-0.3.0.tar.gz.

File metadata

  • Download URL: fsspec_1password-0.3.0.tar.gz
  • Upload date:
  • Size: 7.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for fsspec_1password-0.3.0.tar.gz
Algorithm Hash digest
SHA256 d3f83c917ac4a85f7f4cf57816b40eb0ba58199f1bd9b504de6327870340ab64
MD5 2640168e72b295fb14e2369175e1e44f
BLAKE2b-256 d5967b3cfbbc9a40bb606094aa1161541fd60f696351b37c99da9104f85eb6f6

See more details on using hashes here.

Provenance

The following attestation bundles were made for fsspec_1password-0.3.0.tar.gz:

Publisher: tests.yaml on mauvilsa/fsspec-1password

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file fsspec_1password-0.3.0-py3-none-any.whl.

File metadata

File hashes

Hashes for fsspec_1password-0.3.0-py3-none-any.whl
Algorithm Hash digest
SHA256 377c790bc25157910e797b1f81796cf685a3ec2cbbf7bf7447a42667c9913c86
MD5 f4f2227e36ebaca37b3d7a27b6eb0ba8
BLAKE2b-256 13b391cd08632c4e1d53d94952a5048721504d8967cc0ade5a2933d7c908fab1

See more details on using hashes here.

Provenance

The following attestation bundles were made for fsspec_1password-0.3.0-py3-none-any.whl:

Publisher: tests.yaml on mauvilsa/fsspec-1password

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page