Skip to content

1Password API Token

Service Name: 1Password

Service Description: 1Password is a password manager that allows users to store various passwords, software licenses, and other sensitive information in a virtual vault that is locked with a master password.

Service Address: https://1password.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the account level through 1Password's access control settings.

Secret Access Scope: Grants programmatic access to 1Password vaults, items, users, and groups through the 1Password API.

Secret Revokement URL: https://developer.1password.com/docs/connect/manage-secrets#revoke-a-token

Secret Example: eyJhbGciOiJFUzI1NiIsImtpZCI6InNvbWVrZXkiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiY29tLjFwYXNzd29yZC5jb25uZWN0Il0sImV4cCI6MTYzMDAwMDAwMCwiaWF0IjoxNjAwMDAwMDAwLCJpc3MiOiJjb20uMXBhc3N3b3JkLmI1IiwianRpIjoic29tZWlkIiwic3ViIjoiT1AiLCJ2ZXIiOjF9.SIGNATURE

Suspicious Activity Investigation Instructions:

  • Review 1Password activity logs for unauthorized access or unusual operations.

  • Check for unexpected vault access or item modifications.

  • Monitor for unusual API calls or access patterns.

  • Verify if any sensitive information was accessed or exported.

  • Review IP addresses that have accessed the account for any unfamiliar locations.

Mitigation Instructions:

  • Immediately revoke the compromised API token through the 1Password admin console.

  • Generate a new API token if needed for legitimate services.

  • Review and update access controls for all 1Password vaults.

  • Enable two-factor authentication if not already enabled.

  • Audit all integrations that use 1Password API tokens.

  • Consider rotating passwords for critical accounts stored in 1Password.

  • Review 1Password Connect server configurations if using 1Password Connect.