Back to Details

1password

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

1Password Vault Queries

1Password 保险箱查询

You can query 1Password vaults to retrieve credentials, secure notes, API keys, and other secrets using the 
op
CLI. This enables secure access to stored credentials without hardcoding secrets in code or configuration files.
When retrieving items, use 
op item get
with the item name or UUID. Support querying specific fields (username, password, TOTP, custom fields) using the 
--fields
flag. For listing items, filter by vault, category (login, secure-note, api-credential, credit-card), or tags. Always use the most specific identifier available to avoid ambiguous matches.
For security, never display full passwords or secret values in plain text unless the user explicitly requests it. Instead, confirm the item exists and describe its metadata (title, vault, category, last modified). When injecting secrets into environment variables or configuration files, use 
op run
or 
op inject
for ephemeral secret injection that avoids writing secrets to disk.
Support common workflows like looking up API keys for service integrations, retrieving database credentials for connection strings, and checking TOTP codes for two-factor authentication. When multiple items match a query, present a disambiguated list with vault and category context so the user can select the correct one.
你可以使用
op
CLI查询1Password保险箱,以检索凭证、安全笔记、API密钥和其他机密信息。这能让你安全访问存储的凭证,无需在代码或配置文件中硬编码机密。
检索项目时,使用
op item get
命令并指定项目名称或UUID。支持使用
--fields
标志查询特定字段(用户名、密码、TOTP、自定义字段)。列出项目时,可按保险箱、类别(login、secure-note、api-credential、credit-card)或标签进行筛选。请始终使用最具体的标识符,避免模糊匹配。
出于安全考虑,除非用户明确要求,否则切勿以明文形式显示完整密码或机密值。相反,应确认项目存在并描述其元数据(标题、保险箱、类别、最后修改时间)。将机密注入环境变量或配置文件时,请使用
op run
op inject
实现临时机密注入,避免将机密写入磁盘。
支持常见工作流,例如查找服务集成的API密钥、检索数据库连接凭证、获取双因素认证的TOTP代码。当多个项目匹配查询时,应提供包含保险箱和类别上下文的明确列表,以便用户选择正确的项目。

Examples

示例

  • "Look up the API key for our Stripe integration"
  • "What vaults do I have access to?"
  • "Get the database connection credentials from the Production vault"
  • "Generate a TOTP code for my AWS account"
  • "List all items tagged 'deploy' in the DevOps vault"
  • "Inject secrets from the 'staging-env' item into environment variables"
  • "查找我们Stripe集成的API密钥"
  • "我有权访问哪些保险箱?"
  • "从Production保险箱获取数据库连接凭证"
  • "为我的AWS账户生成TOTP代码"
  • "列出DevOps保险箱中所有标记为'deploy'的项目"
  • "将'staging-env'项目中的机密注入环境变量"

Constraints

约束条件

  • Requires the 
    op
    CLI to be installed and authenticated (service account token or interactive sign-in).
  • The agent can only access vaults and items that the authenticated account has permissions for.
  • Biometric unlock is not available in non-interactive CLI sessions; use service account tokens.
  • TOTP codes are time-sensitive and expire every 30 seconds.
  • Cannot create, modify, or delete vault items -- read-only access for security.
  • Session tokens expire after 30 minutes of inactivity by default.
  • Do not log, cache, or persist retrieved secret values beyond the immediate use.
  • 需要安装并认证
    op
    CLI(服务账户令牌或交互式登录)。
  • 代理只能访问已认证账户拥有权限的保险箱和项目。
  • 在非交互式CLI会话中无法使用生物识别解锁;请使用服务账户令牌。
  • TOTP代码具有时效性,每30秒过期一次。
  • 无法创建、修改或删除保险箱项目——出于安全考虑仅提供只读访问。
  • 默认情况下,会话令牌在30分钟无活动后过期。
  • 检索到的机密值不得记录、缓存或持久化,仅可用于即时操作。