What is the ideal 1password "object" or "entity" to use with CLI for automation purpose w/o sensitiv

Community Member

I just learned about the existence of CLI and once again thank you all for this awesome product.
As a longtime simple 1password user, I see this opening up to manage secrets for all cloud automation workflows.
Being brand new to the CLI product, my concern is I don't want "CLI" to access or replicate all of my sensitive secretes (finance, personal live, social media accounts, etc) on some hosted Cloud instances.

I don't see a clear documentation in the CLI documentation that provides clear instructions on how to create, authorize, designate ONLY "cloud automation secrets" that limits the scope of replication and accessibilities to non-cloud automation secrets? Maybe I have overlooked something or better search keywords. Any references to this topic will be greatly appreciated.

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:type of 1password account scope


  • Hi @cequencer,

    Thanks for checking out the CLI. We'd love to hear about your experience with this use case if you get it up and running. :)

    Regarding what would get replicated or even just downloaded/decrypted on a cloud-hosted instance... the recommendation there would be to create a another 1Password user that has a more limited set of vaults. You could even consider creating a Guest account which wouldn't get access to your Shared vault nor would it get its own Private vault. This would require a 1Password Families, Teams or Business account.



This discussion has been closed.