Skip to content

1Password/load-secrets-action

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace
BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

300 Commits
.github/workflows
.github/workflows
Β 
Β 
config
config
Β 
Β 
configure
configure
Β 
Β 
dist
dist
Β 
Β 
docs
docs
Β 
Β 
src
src
Β 
Β 
tests
tests
Β 
Β 
.gitignore
.gitignore
Β 
Β 
CONTRIBUTING.md
CONTRIBUTING.md
Β 
Β 
LICENSE
LICENSE
Β 
Β 
README.md
README.md
Β 
Β 
action.yml
action.yml
Β 
Β 
package-lock.json
package-lock.json
Β 
Β 
package.json
package.json
Β 
Β 
tsconfig.json
tsconfig.json
Β 
Β 

Repository files navigation

Load Secrets from 1Password - GitHub Action

Provide the secrets your GitHub runner needs from 1Password.

Get started

load-secrets-action loads secrets from 1Password into GitHub Actions using Service Accounts or 1Password Connect.

Specify in your workflow YAML file which secrets from 1Password should be loaded into your job, and the action will make them available as environment variables for the next steps.

Read more on the 1Password Developer Portal.

πŸͺ„ See it in action!

Using 1Password Service Accounts with GitHub Actions - showcase

✨ Quickstart

Export secrets as a step's output (recommended)

on: push jobs: hello-world: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Load secret id: load_secrets uses: 1password/load-secrets-action@v4 env: OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} SECRET: op://app-cicd/hello-world/secret OP_ENV_FILE: "./path/to/.env.tpl" # see tests/.env.tpl for example - name: Print masked secret run: 'echo "Secret: ${{ steps.load_secrets.outputs.SECRET }}"' # Prints: Secret: ***

Export secrets as env variables

on: push jobs: hello-world: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Load secret uses: 1password/load-secrets-action@v4 with: # Export loaded secrets as environment variables export-env: true env: OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} SECRET: op://app-cicd/hello-world/secret OP_ENV_FILE: "./path/to/.env.tpl" # see tests/.env.tpl for example - name: Print masked secret run: 'echo "Secret: $SECRET"' # Prints: Secret: ***

πŸ”‘ SSH Key Format

When loading SSH keys, you can specify the format using the ssh-format query parameter. This is useful when you need the private key in a specific format like OpenSSH.

- name: Load SSH key uses: 1password/load-secrets-action@v4 env: OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} # Load SSH private key in OpenSSH format SSH_PRIVATE_KEY: op://vault/item/private key?ssh-format=openssh

For more details on secret reference syntax, see the 1Password CLI documentation.

πŸ’™ Community & Support

πŸ” Security

1Password requests you practice responsible disclosure if you discover a vulnerability.

Please file requests by sending an email to bugbounty@agilebits.com.

About

Load secrets from 1Password into your GitHub Actions jobs

developer.1password.com

Topics

1password secrets-management github-actions service-accounts 1password-connect

Resources

Readme

License

MIT license

Contributing

Contributing
Activity
Custom properties

Stars

298 stars

Watchers

10 watching

Forks

44 forks
Report repository

Releases 16

v4.0.0 Latest
Mar 23, 2026
+ 15 releases

Contributors 19

+ 5 contributors

Languages