macOS · 1Password · coding agents

AgentSecret

Local approvals for coding-agent secrets. Agents request exact 1Password secrets, explain why, and show the command that will receive approved values.

Used daily across personal, employee, and shared 1Password vaults.

Approval context

  reason: Terraform DNS management
  command: terraform plan
  secret: op://.../Cloudflare/token

Approve exact secrets

Why it exists

Touch ID alone is not enough context.

Useful agents need access to deploy hooks, databases, cloud APIs, SaaS admin surfaces, internal tools, and personal or team credentials. The more useful the agent fleet becomes, the more dangerous broad ambient access gets.

Raw op prompts are gated, but opaque. When many agents run in parallel, a random 1Password approval prompt does not tell you which agent asked, what it wants, why, or where the value will go.

What it brokers

The approval prompt carries the missing intent.

01 Exact secrets

Agents ask for specific 1Password items and fields instead of broad access.

02 Human-readable reason

The request explains why the secret is needed before any value is fetched.

03 Command-bound delivery

Approved values are delivered to the shown child process, not printed into logs.

What changes

Approvals become readable agent intent.

Agent Secret turns secret access into a native approval moment with request context: reason, command, working directory, aliases, and exact 1Password secret references. Deny it when the request does not make sense, or approve it when the agent is on the right path.

[Screenshot: Agent Secret approval prompt showing the command, reason, working directory, and requested secrets]

Install

Homebrew first.

Agent Secret ships as a signed and notarized macOS app bundle with the CLI inside it. There is no hosted Agent Secret account to create.

brew tap kovyrin/agent-secret https://github.com/kovyrin/agent-secret
brew install --cask agent-secret
agent-secret skill-install
agent-secret doctor

Use

Put references in config. Approve values at runtime.

Profile

version: 1
default_profile: terraform-cloudflare

profiles:
  terraform-cloudflare:
    reason: Terraform DNS management
    ttl: 10m
    secrets:
      CLOUDFLARE_API_TOKEN: op://Example/Cloudflare/token

Command

agent-secret exec --profile terraform-cloudflare -- terraform plan

The approved child gets the secret. Project files and agent logs keep the reference, not the value.

[Screenshot: Agent Secret item metadata approval prompt]

Discovery

Inspect item metadata without printing values.

When agents need to wire a profile, they can ask for labels, IDs, field types, and canonical references without receiving secret values.

agent-secret item describe --format env-refs "op://Example Infra/Database Credentials"

Security boundary

A local approval broker, not a sandbox.

What it protects

  • Configs and command flags carry references, not values.
  • The daemon fetches only approved secrets for the request.
  • Audit logs carry metadata, never raw secrets.
  • Reusable approvals are bounded by command, cwd, secret references, account, TTL, and use count.
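
The bounds in the last item, modelled as an added sketch that is not Agent Secret's own code: a reusable approval is honoured only while the command, cwd, secret references and account match what was approved and the TTL and use count have not run out. The Request and Approval types, the exact-match comparison, and the sample path and account name are assumptions for illustration.

```python
import time
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Request:
    command: tuple          # child argv, e.g. ("terraform", "plan")
    cwd: str                # working directory shown in the prompt
    secret_refs: frozenset  # exact op:// references requested
    account: str            # 1Password account the references resolve in

@dataclass
class Approval:
    scope: Request      # what the human approved
    expires_at: float   # absolute expiry derived from the TTL
    uses_left: int      # remaining reuses

    def check(self, req: Request, now: float) -> str:
        """Return "ok" or the first bound the request violates."""
        if now >= self.expires_at:
            return "ttl expired"
        if self.uses_left <= 0:
            return "use count exhausted"
        for bound in ("command", "cwd", "secret_refs", "account"):
            if getattr(req, bound) != getattr(self.scope, bound):
                return f"{bound} differs"  # assumption: exact match, no subsets
        return "ok"

    def consume(self, req: Request, now: float) -> str:
        """Check the request and spend one use only when it is allowed."""
        verdict = self.check(req, now)
        if verdict == "ok":
            self.uses_left -= 1
        return verdict

def approve(req: Request, ttl_seconds: float, max_uses: int, now: float) -> Approval:
    return Approval(scope=req, expires_at=now + ttl_seconds, uses_left=max_uses)

# Constructed sample mirroring the page's terraform-cloudflare profile (ttl: 10m).
SAMPLE = Request(
    command=("terraform", "plan"),
    cwd="/Users/dev/infra",        # constructed path
    secret_refs=frozenset({"op://Example/Cloudflare/token"}),
    account="example-account",     # constructed account name
)

if __name__ == "__main__":
    grant = approve(SAMPLE, ttl_seconds=600, max_uses=2, now=time.time())
    print(grant.consume(SAMPLE, time.time()))
    print(grant.consume(replace(SAMPLE, command=("terraform", "apply")), time.time()))
```

A request that changes any bound falls back to a fresh approval prompt in this model rather than silently reusing the earlier grant.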

What it does not claim

  • No sandbox for a malicious approved child process.
  • No Linux or Windows support yet.
  • No secret modification yet.
  • No GCP Secret Manager support yet.

Privacy

No telemetry, no hosted account, no secret collection.

Agent Secret is a local app and CLI. The project website does not use analytics or advertising cookies, and the app does not send raw secret values to the maintainer.

Requirements

Built for the current workflow.

Open source

Built in public for real agent workflows.

Agent Secret is a personal tool built for a team that uses agents heavily every day. It is already useful here; the launch is about making it discoverable for people with the same problem.