Skip to main content

fsspec filesystem implementation for 1Password entries via the op CLI.

Project description

fsspec-1password

An fsspec filesystem implementation for 1Password entries, backed by the 1Password CLI (op).

Overview

fsspec-1password exposes your 1Password vaults, items, and fields as a read-only virtual filesystem under the op:// protocol. Any tool or library that speaks fsspec can transparently read secret values straight from 1Password – no files on disk, no environment variable juggling.

op://                        ← root (list all vaults)
op://Vault                   ← vault directory (list items)
op://Vault/Item              ← item directory (list fields)
op://Vault/Item/Field        ← field file (read secret value)

Requirements

If op is not in PATH a clear RuntimeError is raised immediately:

RuntimeError: The '1Password CLI' executable 'op' was not found in PATH.
Please install it from https://developer.1password.com/docs/cli/get-started/
and make sure it is available in your PATH before using the op:// protocol.

Installation

pip install fsspec-1password

Quick start

Direct usage

import fsspec_1password  # registers the op:// protocol with fsspec

fs = fsspec_1password.OnePasswordFileSystem()

# List all vaults
fs.ls("op://")
# [{'name': 'op://Personal', 'type': 'directory', 'size': 0}, ...]

# List items in a vault
fs.ls("op://Personal")
# [{'name': 'op://Personal/GitHub', 'type': 'directory', 'size': 0}, ...]

# List fields of an item
fs.ls("op://Personal/GitHub")
# [{'name': 'op://Personal/GitHub/username', 'type': 'file', 'size': 5}, ...]

# Read a field value
secret = fs.cat_file("op://Personal/GitHub/password")
# b's3cr3t'

with fs.open("op://Personal/GitHub/password") as f:
    secret = f.read()
# b's3cr3t'

Via fsspec

import fsspec

with fsspec.open("op://Personal/GitHub/password") as f:
    secret = f.read()

Use with other libraries

Any library that accepts an fsspec-compatible path works out of the box:

import pandas as pd

# Read a CSV stored as a 1Password secure note
df = pd.read_csv("op://Work/MySecretCSV/content", storage_options={})

Authentication

Authentication is handled entirely by the op CLI. Depending on your setup this may be:

  • Biometric (Touch ID / Windows Hello) – automatic after initial sign-in.
  • Session token – set OP_SESSION_<account> in the environment.
  • Service-account token – set OP_SERVICE_ACCOUNT_TOKEN in the environment.

Refer to the 1Password CLI documentation for full details.

URI scheme

Path Description
op:// Root – directory listing returns all vaults
op://Vault Vault – directory listing returns all items
op://Vault/Item Item – directory listing returns all fields
op://Vault/Item/Field Field – readable file containing the secret value

Vault, Item, and Field refer to the title/label of the object, matching how you would address them with op read op://Vault/Item/Field.

Development

git clone https://github.com/mauvilsa/fsspec-1password
cd fsspec-1password
python -m venv venv
source venv/bin/activate
pip install -e ".[dev]"

# Run tests (no real op executable required)
pytest

# Run with coverage
pytest --cov --cov-report=html

Running pre-commit hooks

pre-commit install
pre-commit run --all-files

Bumping the version

bump2version patch   # or minor / major

License

MIT – see LICENSE.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

fsspec_1password-0.2.0rc1.tar.gz (6.6 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

fsspec_1password-0.2.0rc1-py3-none-any.whl (7.3 kB view details)

Uploaded Python 3

File details

Details for the file fsspec_1password-0.2.0rc1.tar.gz.

File metadata

  • Download URL: fsspec_1password-0.2.0rc1.tar.gz
  • Upload date:
  • Size: 6.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for fsspec_1password-0.2.0rc1.tar.gz
Algorithm Hash digest
SHA256 a8eb5dddf5d9303f733af4e6699ddc6eba7dd91460336ce4f5916d8c20adb2f2
MD5 1325b9f079de77b6c0785ef0f29fd794
BLAKE2b-256 1e8ab93c85f449c164cbc0c868d28e7d2775c08867635926385e5e14ef418e9d

See more details on using hashes here.

Provenance

The following attestation bundles were made for fsspec_1password-0.2.0rc1.tar.gz:

Publisher: tests.yaml on mauvilsa/fsspec-1password

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file fsspec_1password-0.2.0rc1-py3-none-any.whl.

File metadata

File hashes

Hashes for fsspec_1password-0.2.0rc1-py3-none-any.whl
Algorithm Hash digest
SHA256 ec9c842564d00d6786d951e739f9c9a0f3b200e39347a0d0a96ff4829a97073d
MD5 3b4d0c8b3ad74633064ea06583161f43
BLAKE2b-256 2138369e63c73e039963dbe5bed3340ab8ed45c68300df6cca29c37cfcc45739

See more details on using hashes here.

Provenance

The following attestation bundles were made for fsspec_1password-0.2.0rc1-py3-none-any.whl:

Publisher: tests.yaml on mauvilsa/fsspec-1password

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page