fsspec filesystem implementation for 1Password entries via the op CLI.
Project description
fsspec-1password
An fsspec filesystem implementation for 1Password entries, backed by the 1Password CLI (op).
Overview
fsspec-1password lets you read individual 1Password field values through the op:// protocol. Any tool or library that speaks fsspec can transparently read secret values straight from 1Password – no files on disk, no environment variable juggling.
Scope: Only full
op://Vault/Item/Fieldorop://Vault/Item/Section/FieldURIs are supported. Accessingop://,op://Vault, orop://Vault/Itemraises aPermissionError– this library is designed to read specific secrets, not to browse entire accounts or vaults.
Caching and sign-out
When a field is first read, the entire op://Vault/Item is fetched in a single op item get call and all its fields are cached in memory. op signout is then called immediately. This means:
- Each item access triggers exactly one user authorisation prompt.
- Subsequent reads of any field from the same item are served from the cache – no further
opcalls, no additional prompts. - Accessing a field from a different item requires a new authorisation.
Requirements
- Python ≥ 3.10
- fsspec ≥ 2022.1.0
- The 1Password CLI (
op) must be installed and available inPATH.
If
opis not inPATHa clearRuntimeErroris raised immediately:RuntimeError: The '1Password CLI' executable 'op' was not found in PATH. Please install it from https://developer.1password.com/docs/cli/get-started/ and make sure it is available in your PATH before using the op:// protocol.
Installation
pip install fsspec-1password
Quick start
Direct usage
import fsspec_1password # registers the op:// protocol with fsspec
fs = fsspec_1password.OnePasswordFileSystem()
# Read a field value (triggers op authorisation the first time)
secret = fs.cat_file("op://Personal/GitHub/password")
# b's3cr3t'
# Reading another field from the same item uses the cache – no extra prompt
username = fs.cat_file("op://Personal/GitHub/username")
# b'alice'
with fs.open("op://Personal/GitHub/password") as f:
secret = f.read()
# b's3cr3t'
Via fsspec
import fsspec
with fsspec.open("op://Personal/GitHub/password") as f:
secret = f.read()
Use with other libraries
Any library that accepts an fsspec-compatible path works out of the box:
import pandas as pd
# Read a CSV stored as a 1Password secure note
df = pd.read_csv("op://Work/MySecretCSV/content", storage_options={})
Authentication
Authentication is handled entirely by the op CLI. Depending on your setup this may be:
- Biometric (Touch ID / Windows Hello) – automatic after initial sign-in.
- Session token – set
OP_SESSION_<account>in the environment. - Service-account token – set
OP_SERVICE_ACCOUNT_TOKENin the environment.
Refer to the 1Password CLI documentation for full details.
Development
git clone https://github.com/mauvilsa/fsspec-1password
cd fsspec-1password
python -m venv venv
source venv/bin/activate
pip install -e ".[dev]"
# Run tests (no real op executable required)
pytest
# Run with coverage
pytest --cov --cov-report=html
Running pre-commit hooks
pre-commit install
pre-commit run --all-files
Bumping the version
bump2version patch # or minor / major
License
MIT – see LICENSE.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file fsspec_1password-0.3.0.tar.gz.
File metadata
- Download URL: fsspec_1password-0.3.0.tar.gz
- Upload date:
- Size: 7.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d3f83c917ac4a85f7f4cf57816b40eb0ba58199f1bd9b504de6327870340ab64
|
|
| MD5 |
2640168e72b295fb14e2369175e1e44f
|
|
| BLAKE2b-256 |
d5967b3cfbbc9a40bb606094aa1161541fd60f696351b37c99da9104f85eb6f6
|
Provenance
The following attestation bundles were made for fsspec_1password-0.3.0.tar.gz:
Publisher:
tests.yaml on mauvilsa/fsspec-1password
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
fsspec_1password-0.3.0.tar.gz -
Subject digest:
d3f83c917ac4a85f7f4cf57816b40eb0ba58199f1bd9b504de6327870340ab64 - Sigstore transparency entry: 1860410447
- Sigstore integration time:
-
Permalink:
mauvilsa/fsspec-1password@469a6422e067bdc4defdba264a268fc7cf0a195b -
Branch / Tag:
refs/tags/v0.3.0 - Owner: https://github.com/mauvilsa
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
tests.yaml@469a6422e067bdc4defdba264a268fc7cf0a195b -
Trigger Event:
push
-
Statement type:
File details
Details for the file fsspec_1password-0.3.0-py3-none-any.whl.
File metadata
- Download URL: fsspec_1password-0.3.0-py3-none-any.whl
- Upload date:
- Size: 8.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
377c790bc25157910e797b1f81796cf685a3ec2cbbf7bf7447a42667c9913c86
|
|
| MD5 |
f4f2227e36ebaca37b3d7a27b6eb0ba8
|
|
| BLAKE2b-256 |
13b391cd08632c4e1d53d94952a5048721504d8967cc0ade5a2933d7c908fab1
|
Provenance
The following attestation bundles were made for fsspec_1password-0.3.0-py3-none-any.whl:
Publisher:
tests.yaml on mauvilsa/fsspec-1password
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
fsspec_1password-0.3.0-py3-none-any.whl -
Subject digest:
377c790bc25157910e797b1f81796cf685a3ec2cbbf7bf7447a42667c9913c86 - Sigstore transparency entry: 1860410588
- Sigstore integration time:
-
Permalink:
mauvilsa/fsspec-1password@469a6422e067bdc4defdba264a268fc7cf0a195b -
Branch / Tag:
refs/tags/v0.3.0 - Owner: https://github.com/mauvilsa
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
tests.yaml@469a6422e067bdc4defdba264a268fc7cf0a195b -
Trigger Event:
push
-
Statement type: