Gateway
1Password
OpenClaw pairs with 1Password in two independent ways:
- Config secrets: any SecretRef field in
openclaw.jsoncan resolve through theopCLI at runtime, so API keys never live in the config file. - Agent workflows: the bundled
1passwordskill teaches agents to sign in and read or inject secrets withopfor their own tasks.
Requirements
- The 1Password CLI (
op) installed on the Gateway host (brew install 1password-clion macOS). - An auth mode for
op:- Service account (recommended for headless Gateways): export
OP_SERVICE_ACCOUNT_TOKENin the Gateway service environment. No desktop app, no interactive sign-in. - Desktop app integration: the 1Password app runs on the same machine with CLI integration enabled. First calls may trigger Touch ID or system auth.
- Standalone sign-in:
op signinprompts per session. Workable for agents through the skill, but not suited for config secret resolution on a headless Gateway.
- Service account (recommended for headless Gateways): export
Resolve config secrets with op
Declare an exec secret provider that runs op read with an op://vault/item/field reference, then point any SecretRef-capable field at it:
{ secrets: { providers: { onepassword_openai: { source: "exec", command: "/opt/homebrew/bin/op", allowSymlinkCommand: true, // required for Homebrew symlinked binaries trustedDirs: ["/opt/homebrew"], args: ["read", "op://Personal/OpenClaw QA API Key/password"], passEnv: ["HOME"], jsonOnly: false, }, }, }, models: { providers: { openai: { baseUrl: "https://api.openai.com/v1", models: [{ id: "gpt-5", name: "gpt-5" }], apiKey: { source: "exec", provider: "onepassword_openai", id: "value" }, }, }, },}How the pieces fit:
commandmust be an absolute path;trustedDirsmarks its directory as trusted, andallowSymlinkCommandis needed because Homebrew installsopas a symlink.argscarries theop://vault/item/fieldreference verbatim. OpenClaw does not parse theop://scheme itself; theopbinary resolves it.passEnvforwards the listed variables from the Gateway environment. Desktop app integration needsHOME; service accounts also needOP_SERVICE_ACCOUNT_TOKENpresent in the Gateway service environment (add it topassEnv, or set it viaenvonly if you accept the token being readable in the config file).- For single-value output keep
id: "value". WithjsonOnly: trueand a JSON payload, address fields with a JSON pointer id instead. - One provider entry per secret keeps references auditable; name providers after their consumer (
onepassword_openai,onepassword_telegram).
See Gateway secrets for resolution order, caching, and failure semantics, and SecretRef Credential Surface for every field that accepts SecretRefs.
Service account setup for headless Gateways
- Create a service account in your 1Password account and grant it read access to only the vault items the Gateway needs.
- Provide
OP_SERVICE_ACCOUNT_TOKENto the Gateway service (launchd plist, systemd unit, or container env). - Add
"OP_SERVICE_ACCOUNT_TOKEN"to the providerpassEnvlist. - Verify from the Gateway host environment:
op whoamishould print the service account without prompting.
Service account reads require the vault to be named explicitly in the op:// reference. Scope the account tightly; it is a bearer credential.
The 1password skill for agents
OpenClaw bundles a 1password skill that turns agents into competent op operators: it detects the available auth mode (service account, desktop app integration, or standalone sign-in), verifies access with op whoami before reading anything, and prefers op run / op inject over writing secret values to disk. The skill requires the op binary and offers a Homebrew install when it is missing.
Agents use it for their own workflows, for example reading a deploy token mid-task or injecting env vars into a command. It is independent of config secret resolution; the Gateway resolves SecretRefs without any skill involved.
Security notes
- Secret values resolved through exec providers stay in Gateway memory; config snapshots and
config.getresponses redact SecretRef fields. - Never place secret values in
openclaw.json, logs, or chat. Keep item names in config, values in 1Password. - The 1Password audit trail shows every service account read, which makes key rotation and incident review practical.
Troubleshooting
command not foundor spawn errors: use the absoluteoppath and include its directory intrustedDirs.opresolves but reads fail with symlink errors: setallowSymlinkCommand: truefor Homebrew installs.account is not signed in: for service accounts, confirmOP_SERVICE_ACCOUNT_TOKENreaches the Gateway service and is listed inpassEnv; for desktop integration, confirm the app is running and unlocked.- Slow first reads: raise
timeoutMson the provider;opcold starts can exceed strict timeouts on busy hosts.