1Password API Token
Service Name: 1Password
Service Description: 1Password is a password manager that allows users to store various passwords, software licenses, and other sensitive information in a virtual vault that is locked with a master password.
Service Address: https://1password.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the account level through 1Password's access control settings.
Secret Access Scope: Grants programmatic access to 1Password vaults, items, users, and groups through the 1Password API.
Secret Revokement URL: https://developer.1password.com/docs/connect/manage-secrets#revoke-a-token
Secret Example: eyJhbGciOiJFUzI1NiIsImtpZCI6InNvbWVrZXkiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiY29tLjFwYXNzd29yZC5jb25uZWN0Il0sImV4cCI6MTYzMDAwMDAwMCwiaWF0IjoxNjAwMDAwMDAwLCJpc3MiOiJjb20uMXBhc3N3b3JkLmI1IiwianRpIjoic29tZWlkIiwic3ViIjoiT1AiLCJ2ZXIiOjF9.SIGNATURE
Suspicious Activity Investigation Instructions:
-
Review 1Password activity logs for unauthorized access or unusual operations.
-
Check for unexpected vault access or item modifications.
-
Monitor for unusual API calls or access patterns.
-
Verify if any sensitive information was accessed or exported.
-
Review IP addresses that have accessed the account for any unfamiliar locations.
Mitigation Instructions:
-
Immediately revoke the compromised API token through the 1Password admin console.
-
Generate a new API token if needed for legitimate services.
-
Review and update access controls for all 1Password vaults.
-
Enable two-factor authentication if not already enabled.
-
Audit all integrations that use 1Password API tokens.
-
Consider rotating passwords for critical accounts stored in 1Password.
-
Review 1Password Connect server configurations if using 1Password Connect.