// MCP TOOL REFERENCE

1PASSWORD TOOLS

8 tools from the 1password MCP Server, categorised by risk level.

View the 1password policy → Token cost: 1,286 tokens →
// ALL 8 1PASSWORD TOOLS
READ 3 tools
Read item_lookup Search for items within a 1Password vault by title substring. Returns item IDs, titles, categories, and vau... Read password_read Retrieve a secret from 1Password using either a secret reference (op://vault/item/field) or vault ID + item... Read vault_list List all 1Password vaults accessible to the service account. Returns vault IDs, names, descriptions, and ty...
WRITE 4 tools
Write password_create Create a new password/login item in a 1Password vault with optional username, URL, tags, and notes. Write password_generate Generate a cryptographically secure random password with configurable length and character types. Uses reje... Write password_generate_memorable Generate a memorable passphrase from random dictionary words with optional number and symbol suffixes. Uses... Write password_update Update (rotate) a password or concealed field on an existing 1Password item. If the target field does not e...
DESTRUCTIVE 1 tools
Destructive item_delete Permanently delete an item from a 1Password vault. This action cannot be undone.
// RUNNING THIS SERVER

The managed route: connect 1password through the PolicyLayer gateway — every tool call above is checked against your policy before it runs, with a full audit log.

DIRECT INSTALL (UNMANAGED) npx -y @takescake/1password-mcp
// FAQ
How many tools does the 1password MCP server have? +

The 1password MCP server exposes 8 tools across 3 categories: Read, Write, Destructive.

How do I enforce policies on 1password tools? +

Route the 1password server through the PolicyLayer gateway. Define allow, deny, or approval rules per tool in the dashboard — they are enforced on every call before it reaches the server.

What risk categories do 1password tools fall into? +

1password tools are categorised as Read (3), Write (4), Destructive (1). Each category has a recommended default policy.

Let agents act without letting them run wild.

Route your MCP servers through PolicyLayer and every tool call is checked against your policy before it runs — allow, deny, or require approval. Per-identity grants. Full audit log. Live in minutes.

SECURE YOUR MCP →

Free to start. No card required.

4,600+ MCP servers and 31,000+ tools scanned and risk-classified.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.