fsspec filesystem implementation for 1Password entries via the op CLI.
Project description
fsspec-1password
An fsspec filesystem implementation for 1Password entries, backed by the 1Password CLI (op).
Overview
fsspec-1password exposes your 1Password vaults, items, and fields as a read-only virtual filesystem under the op:// protocol. Any tool or library that speaks fsspec can transparently read secret values straight from 1Password – no files on disk, no environment variable juggling.
op:// ← root (list all vaults)
op://Vault ← vault directory (list items)
op://Vault/Item ← item directory (list fields)
op://Vault/Item/Field ← field file (read secret value)
Requirements
- Python ≥ 3.10
- fsspec ≥ 2022.1.0
- The 1Password CLI (
op) must be installed and available inPATH.
If
opis not inPATHa clearRuntimeErroris raised immediately:RuntimeError: The '1Password CLI' executable 'op' was not found in PATH. Please install it from https://developer.1password.com/docs/cli/get-started/ and make sure it is available in your PATH before using the op:// protocol.
Installation
pip install fsspec-1password
Quick start
Direct usage
import fsspec_1password # registers the op:// protocol with fsspec
fs = fsspec_1password.OnePasswordFileSystem()
# List all vaults
fs.ls("op://")
# [{'name': 'op://Personal', 'type': 'directory', 'size': 0}, ...]
# List items in a vault
fs.ls("op://Personal")
# [{'name': 'op://Personal/GitHub', 'type': 'directory', 'size': 0}, ...]
# List fields of an item
fs.ls("op://Personal/GitHub")
# [{'name': 'op://Personal/GitHub/username', 'type': 'file', 'size': 5}, ...]
# Read a field value
secret = fs.cat_file("op://Personal/GitHub/password")
# b's3cr3t'
with fs.open("op://Personal/GitHub/password") as f:
secret = f.read()
# b's3cr3t'
Via fsspec
import fsspec
with fsspec.open("op://Personal/GitHub/password") as f:
secret = f.read()
Use with other libraries
Any library that accepts an fsspec-compatible path works out of the box:
import pandas as pd
# Read a CSV stored as a 1Password secure note
df = pd.read_csv("op://Work/MySecretCSV/content", storage_options={})
Authentication
Authentication is handled entirely by the op CLI. Depending on your setup this may be:
- Biometric (Touch ID / Windows Hello) – automatic after initial sign-in.
- Session token – set
OP_SESSION_<account>in the environment. - Service-account token – set
OP_SERVICE_ACCOUNT_TOKENin the environment.
Refer to the 1Password CLI documentation for full details.
URI scheme
| Path | Description |
|---|---|
op:// |
Root – directory listing returns all vaults |
op://Vault |
Vault – directory listing returns all items |
op://Vault/Item |
Item – directory listing returns all fields |
op://Vault/Item/Field |
Field – readable file containing the secret value |
Vault, Item, and Field refer to the title/label of the object, matching how you would address them with op read op://Vault/Item/Field.
Development
git clone https://github.com/mauvilsa/fsspec-1password
cd fsspec-1password
python -m venv venv
source venv/bin/activate
pip install -e ".[dev]"
# Run tests (no real op executable required)
pytest
# Run with coverage
pytest --cov --cov-report=html
Running pre-commit hooks
pre-commit install
pre-commit run --all-files
Bumping the version
bump2version patch # or minor / major
License
MIT – see LICENSE.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file fsspec_1password-0.2.0rc1.tar.gz.
File metadata
- Download URL: fsspec_1password-0.2.0rc1.tar.gz
- Upload date:
- Size: 6.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
a8eb5dddf5d9303f733af4e6699ddc6eba7dd91460336ce4f5916d8c20adb2f2
|
|
| MD5 |
1325b9f079de77b6c0785ef0f29fd794
|
|
| BLAKE2b-256 |
1e8ab93c85f449c164cbc0c868d28e7d2775c08867635926385e5e14ef418e9d
|
Provenance
The following attestation bundles were made for fsspec_1password-0.2.0rc1.tar.gz:
Publisher:
tests.yaml on mauvilsa/fsspec-1password
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
fsspec_1password-0.2.0rc1.tar.gz -
Subject digest:
a8eb5dddf5d9303f733af4e6699ddc6eba7dd91460336ce4f5916d8c20adb2f2 - Sigstore transparency entry: 1709846357
- Sigstore integration time:
-
Permalink:
mauvilsa/fsspec-1password@6bd9a90e08ebe1741c108e01ac68f42f0e9b231b -
Branch / Tag:
refs/tags/v0.2.0rc1 - Owner: https://github.com/mauvilsa
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
tests.yaml@6bd9a90e08ebe1741c108e01ac68f42f0e9b231b -
Trigger Event:
push
-
Statement type:
File details
Details for the file fsspec_1password-0.2.0rc1-py3-none-any.whl.
File metadata
- Download URL: fsspec_1password-0.2.0rc1-py3-none-any.whl
- Upload date:
- Size: 7.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ec9c842564d00d6786d951e739f9c9a0f3b200e39347a0d0a96ff4829a97073d
|
|
| MD5 |
3b4d0c8b3ad74633064ea06583161f43
|
|
| BLAKE2b-256 |
2138369e63c73e039963dbe5bed3340ab8ed45c68300df6cca29c37cfcc45739
|
Provenance
The following attestation bundles were made for fsspec_1password-0.2.0rc1-py3-none-any.whl:
Publisher:
tests.yaml on mauvilsa/fsspec-1password
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
fsspec_1password-0.2.0rc1-py3-none-any.whl -
Subject digest:
ec9c842564d00d6786d951e739f9c9a0f3b200e39347a0d0a96ff4829a97073d - Sigstore transparency entry: 1709847236
- Sigstore integration time:
-
Permalink:
mauvilsa/fsspec-1password@6bd9a90e08ebe1741c108e01ac68f42f0e9b231b -
Branch / Tag:
refs/tags/v0.2.0rc1 - Owner: https://github.com/mauvilsa
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
tests.yaml@6bd9a90e08ebe1741c108e01ac68f42f0e9b231b -
Trigger Event:
push
-
Statement type: