Introducing 1Password Credential Broker

by Jeff Malnick
June 15, 2026 - 6 min

Right now, somewhere in your organization, a service account token is sitting in a CI/CD environment variable with access to your entire cloud environment. The job it was created for got deleted three sprints ago, and nobody knows it's still there.
Unfortunately, that's not just a worst-case scenario. For many teams it's a byproduct of how they manage credentials today. Someone in your organization creates a token, scopes it broadly to avoid any last-minute permission errors, and drops it into a config file or a pipeline environment variable. They assume someone else will track it down and revoke it when the work is done. That assumption is almost always wrong, and the tokens and overprovisioned access accumulate.
Machine identities now vastly outnumber human identities across most enterprises, and AI agents are growing faster and are governed less than almost anything else in the stack. The attack surface keeps expanding, and most teams are still managing credentials and access with the same approach they used five years ago.
1Password has spent more than a decade building what we believe is the best credential vault for humans. More than 180,000 businesses trust us to protect their most sensitive credentials and secrets. Now we're extending that same foundation to machine workloads and AI agents.
Introducing 1Password Credential Broker
Our new 1Password Credential Broker extends what you can do with 1Password, from storing credentials and secrets to brokering them at runtime: delivering the right credential to the right workload at the moment work actually needs to happen.
A machine workload or AI agent shouldn't hold credentials it doesn't currently need. It should prove who it is, get exactly what policy allows, and lose that access when its job is done. 1Password Credential Broker does exactly that, using the same 1Password vault, policy controls, and audit tools your team already relies on.
Our initial beta focuses on GitHub Actions, which handles more than 6 billion workflow runs per month and is used by more than 90% of Fortune 100 companies. That's where most enterprise CI/CD already lives, so that's where we started.
How it works
When a GitHub Actions workflow runs, GitHub automatically generates a signed token confirming exactly which repo, branch, and workflow is executing. Think of it like a digital badge: here's what this job is and where it came from. 1Password reads that badge, checks it against a trust policy you configure, and delivers exactly the credential that specific job is approved for, nothing more.
With the 1Password Credential Broker, there's no service account token to distribute or rotate, and the workload doesn't receive standing access to a vault. It only gets the credential it needs, at the moment it needs it. So if a pipeline is ever compromised, an attacker can only reach the one credential that job was authorized to retrieve, not the entire vault. This is how we help you close the gap that service accounts leave open.
Best of all, every access event is logged with full attribution: the repo, branch, workflow, environment, and commit that triggered the request. Your audit trail no longer says "a service account accessed this item." It tells you exactly which workload accessed it, from where, and on behalf of whom.
What the beta covers, and what's coming
The Credential Broker private beta covers GitHub Actions, with job-scoped access windows, item-level scoping within the vault, and full attribution logging on every credential request.
Right now, the Credential Broker covers a specific but important part of the credential lifecycle. When a workload pulls a credential from 1Password, how long that credential lives in the upstream system still depends on that system's own policies. A database password pulled from 1Password may still be long-lived in the database it connects to. Automatic rotation isn't in this release. What this release does remove is standing vault access, and every job gets scoped to exactly the credential it needs. That's a real, meaningful reduction in blast radius, and we will continue building on this foundation.
Later this year, we’ll be extending Credential Broker to AI agents. Today, when an AI agent needs to take action (querying a database, calling an API, writing to a business system), it typically gets handed a long-lived OAuth token. That token usually has no expiration date, and can accumulate permissions over time. If the agent drifts or is compromised, you often don't have a clean way to stop it, audit what it touched, or determine who was accountable for its access.
With our Credential Broker, an agent requests a short-lived token scoped to the specific task at hand. When the task is done, the token expires. The agent never holds a refresh token, so it can't quietly extend its own access without a policy you define approving it again. With this addition, every request will be logged with the agent's identity and the identity of the person on your team who delegated the task. That gives you a clear, auditable chain from action back to authorization.
For security leaders, the concern with AI agents usually comes down to three questions: who authorized this agent to access this system, what did it touch, and can you revoke it without breaking the workflow? With Credential Broker, you can confidently answer all three.
Before you can govern AI access, you have to establish AI identity. That's what we're building toward.
Part of the 1Password Unified Access platform
The 1Password Credential Broker is part of our Unified Access Platform, which lets you discover, secure, and audit access across humans, AI agents, and machines from a single system you already trust.
Our Credential Broker extends that foundation to machine workloads and agents. The vault governance and audit trail that already covers every human credential in your organization now applies to the pipelines and agents running alongside your team. There's no separate secrets management infrastructure to bolt on, and your team manages everything from the same 1Password interface they already use across Windows, Mac, Linux, and mobile.
Join the private beta
1Password Credential Broker is in private beta starting June 15, 2026, with GA targeted for late 2026.
If you're interested in early access, you can sign up here.
To learn more, visit the 1Password Credential Broker page.