1Password - João's Brain

# 1Password ## Keyboard Shortcuts The ones I actually use. Full list: [1Password Keyboard Shortcuts](https://support.1password.com/keyboard-shortcuts/) | macOS | Windows/Linux | Action | |-------|---------------|--------| | `Cmd+Shift+Space` | `Ctrl+Shift+Space` | Quick Access | | `Cmd+\` | `Ctrl+\` | Autofill | | `Cmd+Shift+L` | `Ctrl+Shift+L` | Lock 1Password | | `Cmd+Shift+C` | `Ctrl+Shift+C` | Copy password | | `Cmd+C` | `Ctrl+C` | Copy username | | `Opt+Cmd+C` | `Ctrl+Alt+C` | Copy OTP | | `Cmd+Shift+F` | `Ctrl+Shift+F` | Open website + autofill | | `Cmd+R` | `Ctrl+R` | Reveal/conceal fields | | `Opt` (hold) | `Alt` (hold) | Temporarily reveal all fields | | `Cmd+Shift+X` / `Cmd+.` | `Ctrl+Shift+X` / `Ctrl+.` | Open browser extension (Chrome/Edge/Brave / Firefox) | ## Wi-Fi QR Codes Wi-Fi login entries automatically generate a QR code that others can scan to join the network — no need to share the password manually. ## API Key Management with `op run` ```text 1Password vault ~/.env.d/*.env op run (stores secrets) <──> (op:// references) ──> (injects env vars at runtime) ``` Keeps plaintext keys off disk. Env files only contain `op://` references, so they're safe to back up and version. ### Create an env file with `op://` references ```bash # ~/.env.d/myapp.env OPENAI_API_KEY="op://Private/OpenAI API Key/credential" ANTHROPIC_API_KEY="op://Private/Anthropic API Key/credential" ``` The URI format is `op://<vault>/<item>/<field>`. ### Run commands with secrets injected ```bash op run --env-file=~/.env.d/myapp.env -- some-command ``` Secrets are resolved from the vault and passed as environment variables, only in memory for the duration of the process. ### Optional: wrap as a shell alias ```bash alias myapp='op run --env-file="$HOME/.env.d/myapp.env" -- myapp' ``` ### Gotcha: TUI apps and `--no-masking` By default, `op run` intercepts and masks any output that matches a secret value (to prevent accidental leaks in logs). This breaks TUI applications (like opencode) because it interferes with the terminal's raw mode and ANSI escape sequences. Use `--no-masking` to disable this: ```bash alias opencode='op run --no-masking --env-file="$HOME/.env.d/opencode.env" -- opencode' ``` ### One-off key read ```bash op read "op://Private/OpenAI API Key/credential" ``` ### Adding a new key ```bash op item create --category="API Credential" --title="Service Name" --vault=Private --tags="API" 'credential=THE_KEY' ``` Then add the `op://` reference to the appropriate `~/.env.d/*.env` file. ### References - [CLI secrets docs](https://developer.1password.com/docs/cli/secrets-environment-variables) - [Secret reference syntax](https://developer.1password.com/docs/cli/secret-reference-syntax/) ## Legacy: macOS Keychain Approach See [[macOS#macOS Keychain for Secrets]] for the pre-`op run` approach using the `security` command.