Arkanis.Hosting.Extensions.1Password
1.0.0-dev.2
See the version list below for details.
dotnet add package Arkanis.Hosting.Extensions.1Password --version 1.0.0-dev.2
NuGet\Install-Package Arkanis.Hosting.Extensions.1Password -Version 1.0.0-dev.2
<PackageReference Include="Arkanis.Hosting.Extensions.1Password" Version="1.0.0-dev.2" />
<PackageVersion Include="Arkanis.Hosting.Extensions.1Password" Version="1.0.0-dev.2" />
<PackageReference Include="Arkanis.Hosting.Extensions.1Password" />
paket add Arkanis.Hosting.Extensions.1Password --version 1.0.0-dev.2
#r "nuget: Arkanis.Hosting.Extensions.1Password, 1.0.0-dev.2"
#:package Arkanis.Hosting.Extensions.1Password@1.0.0-dev.2
#addin nuget:?package=Arkanis.Hosting.Extensions.1Password&version=1.0.0-dev.2&prerelease
#tool nuget:?package=Arkanis.Hosting.Extensions.1Password&version=1.0.0-dev.2&prerelease
๐ Arkanis.Hosting.Extensions.1Password
Seamlessly integrate 1Password secrets into your .NET applications during development.
โจ Why This Library?
If you love 1Password (and who doesn't?) and want to bring that same level of security and convenience to your .NET development workflow, this library is for you.
The Problem: Managing secrets during development is painful. You don't want to commit API keys, connection strings, or passwords to source control, but you also don't want to juggle multiple files, environment variables, or complicated secret management systems just to run your app locally.
The Solution: This library bridges the gap between 1Password and your .NET application's configuration system. Just reference your 1Password secrets using the op:// URI scheme in your existing configuration files, and let the library handle the rest. No changes to your existing configuration infrastructure required!
๐ Features
- ๐ฏ Zero Configuration Changes Required - Works seamlessly with your existing
IConfigurationsetup - ๐ Universal Compatibility - Supports
appsettings.json, environment variables, or any configuration source - โก Async-First Design - Built for modern .NET with full async/await support
- ๐งช Fully Testable - Comes with a mockable interface for unit testing
- ๐ Multi-Account Support - Specify which 1Password account to use
- ๐จ Developer-Friendly - Simple API with just one method call to set up
- ๐ฆ Lightweight - Built on .NET Standard 2.1 for broad compatibility
๐ฆ Installation
Install via NuGet Package Manager:
dotnet add package Arkanis.Hosting.Extensions.1Password
Or via Package Manager Console:
Install-Package Arkanis.Hosting.Extensions.1Password
๐ฏ Quick Start
1. Store your secrets in 1Password
Create a secret in 1Password (e.g., an API key in the "Private" vault under "MyApp/ApiKey").
2. Reference it in your configuration
Add a reference to your secret in appsettings.json using the op:// URI scheme:
{
"ApiKey": "op://Private/MyApp/ApiKey",
"Database": {
"ConnectionString": "op://Private/MyApp/database-connection"
}
}
3. Enable 1Password integration
Add one line to your application startup:
using Hosting.Extensions._1Password;
var builder = Host.CreateApplicationBuilder(args);
// That's it! ๐
await builder.Use1PasswordAsync("my.1password.com");
// or builder.Use1Password("my.1password.com");
var host = builder.Build();
await host.RunAsync();
4. Access your secrets normally
Your secrets are now available through the standard IConfiguration interface.
They are only resolved in-memory at runtime, so your configuration files remain clean.
var apiKey = builder.Configuration["ApiKey"];
var connectionString = builder.Configuration["Database:ConnectionString"];
// Use them as you normally would!
๐ Usage Examples
Basic Usage
var builder = Host.CreateApplicationBuilder(args);
// Resolve secrets from your default 1Password account
await builder.Use1PasswordAsync();
var host = builder.Build();
await host.RunAsync();
Specify a 1Password Account
var builder = Host.CreateApplicationBuilder(args);
// Use a specific 1Password account or sign-in address
await builder.Use1PasswordAsync("my.1password.com");
var host = builder.Build();
await host.RunAsync();
Synchronous API
If you prefer synchronous code:
var builder = Host.CreateApplicationBuilder(args);
// Synchronous version (blocks until secrets are resolved)
builder.Use1Password("my.1password.com");
var host = builder.Build();
host.Run();
Use in ASP.NET Core
Works perfectly with ASP.NET Core applications:
var builder = WebApplication.CreateBuilder(args);
// Inject 1Password secrets before registering services
await builder.Use1PasswordAsync("my.1password.com");
builder.Services.AddControllers();
// ... register other services
var app = builder.Build();
app.Run();
Environment-Specific Configuration
Only use 1Password in development:
var builder = Host.CreateApplicationBuilder(args);
if (builder.Environment.IsDevelopment())
{
await builder.Use1PasswordAsync("my.1password.com");
}
var host = builder.Build();
await host.RunAsync();
Complex Configuration Structures
The library automatically traverses nested configuration:
{
"Authentication": {
"Google": {
"ClientId": "op://Private/OAuth/Google/client-id",
"ClientSecret": "op://Private/OAuth/Google/client-secret"
},
"GitHub": {
"ClientId": "op://Private/OAuth/GitHub/client-id",
"ClientSecret": "op://Private/OAuth/GitHub/client-secret"
}
},
"Database": {
"Primary": "op://Private/Database/primary-connection",
"Readonly": "op://Private/Database/readonly-connection"
}
}
All op:// references are automatically detected and resolved, no matter how deeply nested!
๐งช Testing
The library is designed with testability in mind. Use the IOpCliInvoker interface to mock 1Password CLI calls in your tests:
using NSubstitute;
// Create a mock invoker
var mockInvoker = Substitute.For<IOpCliInvoker>();
mockInvoker.InvokeAsync(Arg.Any<string?>(), Arg.Any<string>())
.Returns(new BufferedCommandResult(
exitCode: 0,
standardOutput: "ApiKey=\"test-api-key-123\"",
standardError: ""
));
// Use it in your tests
var builder = Host.CreateApplicationBuilder(args);
await builder.Use1PasswordAsync(
account: "my.1password.com",
opCliInvoker: mockInvoker
);
// Verify the configuration was populated
Assert.Equal("test-api-key-123", builder.Configuration["ApiKey"]);
๐ Requirements
Runtime Requirements
- .NET Runtime: .NET Standard 2.1 or higher (supports .NET Core 3.0+, .NET 5+, .NET 6+, etc.)
- 1Password CLI: The
opCLI must be installed and available in your PATH - Authentication: You must be signed in to 1Password (the CLI will use your existing session)
Installation
To install the 1Password CLI:
# macOS (via Homebrew)
brew install 1password-cli
# Windows (via WinGet)
winget install 1password-cli
# Or download from: https://developer.1password.com/docs/cli/get-started/
๐ง How It Works
- Detection: The library scans your
IConfigurationfor any values starting withop:// - Templating: It builds a template with all detected secret references
- Resolution: It invokes the 1Password CLI (
op inject) to resolve all secrets in one call - Injection: The resolved values are written back into your configuration in-memory
All of this happens transparently during application startup, before your services are registered or initialized.
๐ฏ Use Cases
This library is perfect for:
- โ Local development - Keep secrets secure while developing locally
- โ Team collaboration - Share secret references (not secrets themselves) in source control
- โ Rapid prototyping - Get started quickly without complex secret management
- โ Multi-environment setups - Different secrets per environment, same configuration structure
Not recommended for:
- โ Production deployments - Use your platform's native secret management (Azure Key Vault, AWS Secrets Manager, etc.)
๐ค Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
Building from Source
# Clone the repository
git clone https://github.com/ArkanisCorporation/Hosting.Extensions.1Password.git
cd Hosting.Extensions.1Password
# Restore dependencies
dotnet restore
# Build the solution
dotnet build
# Run tests
dotnet test
๐ License
This project is licensed under the MIT License - see the LICENSE.md file for details.
๐ Acknowledgments
- Built with โค๏ธ for the .NET and 1Password communities
- Powered by CliWrap for reliable CLI invocation
- Inspired by the amazing developer experience that 1Password provides
๐ Support
- Issues: GitHub Issues
- Discussions: GitHub Discussions
Made with ๐ by developers who love 1Password
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net5.0 was computed. net5.0-windows was computed. net6.0 was computed. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 was computed. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. net9.0 was computed. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. net10.0 was computed. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
| .NET Core | netcoreapp3.0 was computed. netcoreapp3.1 was computed. |
| .NET Standard | netstandard2.1 is compatible. |
| MonoAndroid | monoandroid was computed. |
| MonoMac | monomac was computed. |
| MonoTouch | monotouch was computed. |
| Tizen | tizen60 was computed. |
| Xamarin.iOS | xamarinios was computed. |
| Xamarin.Mac | xamarinmac was computed. |
| Xamarin.TVOS | xamarintvos was computed. |
| Xamarin.WatchOS | xamarinwatchos was computed. |
-
.NETStandard 2.1
- CliWrap (>= 3.10.0)
- JetBrains.Annotations (>= 2025.2.4)
- Microsoft.Extensions.Configuration (>= 10.0.2)
- Microsoft.Extensions.Configuration.Binder (>= 10.0.2)
- Microsoft.Extensions.DependencyInjection.Abstractions (>= 10.0.2)
- Microsoft.Extensions.Diagnostics.Abstractions (>= 10.0.2)
- Microsoft.Extensions.Hosting (>= 10.0.2)
- Microsoft.Extensions.Hosting.Abstractions (>= 10.0.2)
- Microsoft.Extensions.Logging.Abstractions (>= 10.0.2)
NuGet packages (1)
Showing the top 1 NuGet packages that depend on Arkanis.Hosting.Extensions.1Password:
| Package | Downloads |
|---|---|
|
Arkanis.Aspire.Hosting.Extensions.1Password
Allows you to use secrets from 1Password during development. Supports secrets set via `appsettings.json`, environment variable, or any other method that is compatible with the `IConfiguration` interface. Automatically injects secrets from 1Password by finding all `IConfiguration` entries that contain a 1Password secret reference and resolves them by invoking the `op` CLI. |
GitHub repositories
This package is not used by any popular GitHub repositories.
| Version | Downloads | Last Updated |
|---|---|---|
| 2.0.0 | 269 | 6/27/2026 |
| 2.0.0-dev.1 | 53 | 6/27/2026 |
| 1.1.0 | 828 | 3/10/2026 |
| 1.1.0-dev.1 | 141 | 3/3/2026 |
| 1.0.1 | 144 | 2/7/2026 |
| 1.0.1-dev.1 | 73 | 2/7/2026 |
| 1.0.0 | 126 | 2/4/2026 |
| 1.0.0-dev.2 | 81 | 2/7/2026 |
| 1.0.0-dev.1 | 73 | 2/4/2026 |