Machine and AI agent credentials issued at runtime
Zero standing access
Workloads don't hold long-lived credentials. They prove who they are, get what policy allows, and lose access when the work is done.
The platform identifies the job
Credential Broker verifies the workload's identity using Workload Identity Federation first, then delivers only the credential that job is approved for.
Limited potential blast radius
If compromised, access is limited to what 1Password authorized for that job. Blast radius stops at one credential, not the entire vault.
Full attribution on every delivery
Every credential delivery is logged with full attribution: the workload that requested access, and the human whose policy authorized it.
Zero knowledge, end to end
Credential Broker encrypts every secret with two separate keys: one that lives in your environment, one that stays locked inside a confidential computing enclave with 1Password. Decrypting a credential requires both.
Before a credential is delivered, Credential Broker verifies the workload's identity and checks it against your policy. The job gets exactly what it was approved for, nothing more. Every delivery is logged with full attribution: the workload that requested access, and the human whose policy authorized it.

A common credential foundation for every identity

1Password Credential Broker beta starts with GitHub Actions
Any GitHub Actions workflow can use Workload Identity Federation to prove its identity to 1Password and receive the exact credential it's approved for, with no service account token required and full attribution on every delivery.
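The flow described above (verify the workload's identity from its Workload Identity Federation token, check the request against human-authored policy, deliver at most the one credential that job is approved for, and log the delivery with attribution) can be sketched as a small broker-side policy check. The example below is an added illustration, not 1Password's code or API: it assumes the GitHub Actions OIDC token's signature has already been verified and works only on its claims; the audience, repository, subject, credential and policy-owner values are constructed samples, and only the issuer URL is the real one GitHub uses.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

# Real issuer of GitHub Actions OIDC tokens; every other claim value below is constructed.
GITHUB_ISSUER = "https://token.actions.githubusercontent.com"


@dataclass(frozen=True)
class Grant:
    """One human-authored policy line: one workload identity may receive one credential."""
    subject: str        # full expected `sub` claim, e.g. "repo:acme/api:ref:refs/heads/main"
    repository: str     # expected `repository` claim
    credential: str     # the single credential this job is approved for
    authorized_by: str  # the human whose policy created this grant


@dataclass
class Decision:
    allowed: bool
    reason: str
    credential: Optional[str] = None


@dataclass
class Broker:
    audience: str                        # `aud` value a workflow must request for this broker
    grants: list = field(default_factory=list)
    audit_log: list = field(default_factory=list)

    def request(self, claims: dict, credential: str, now: datetime) -> Decision:
        """Decide whether the workload described by `claims` may receive `credential`.

        `claims` is assumed to come from a JWT whose signature was already verified
        against the issuer's JWKS; this example checks claims and policy, not signatures.
        """
        grant = None
        aud = claims.get("aud")
        audiences = aud if isinstance(aud, list) else [aud]
        if claims.get("iss") != GITHUB_ISSUER:
            decision = Decision(False, "unexpected issuer")
        elif self.audience not in audiences:
            decision = Decision(False, "aud mismatch: token was not minted for this broker")
        elif now.timestamp() >= claims.get("exp", 0):
            decision = Decision(False, "token expired")
        else:
            # Exact match on sub/repository: prefix or wildcard matching would widen the grant
            # to branches, forks or similarly named repositories the human never approved.
            grant = next((g for g in self.grants
                          if g.subject == claims.get("sub")
                          and g.repository == claims.get("repository")
                          and g.credential == credential), None)
            decision = (Decision(True, "grant matched", credential) if grant
                        else Decision(False, "no grant binds this workload to this credential"))
        # Every request, allowed or denied, is recorded with workload and human attribution.
        self.audit_log.append({
            "time": now.isoformat(),
            "workload_sub": claims.get("sub"),
            "repository": claims.get("repository"),
            "run_id": claims.get("run_id"),
            "credential": credential,
            "allowed": decision.allowed,
            "reason": decision.reason,
            "authorized_by": grant.authorized_by if grant else None,
        })
        return decision


def demo():
    """Run three requests against a one-line policy using constructed claims."""
    now = datetime(2025, 1, 1, 12, 0, tzinfo=timezone.utc)
    broker = Broker(audience="https://broker.example", grants=[
        Grant("repo:acme/api:ref:refs/heads/main", "acme/api",
              "prod-db-password", "alice@example.com"),
    ])
    claims = {  # constructed sample of the claims a GitHub Actions token carries
        "iss": GITHUB_ISSUER,
        "aud": "https://broker.example",
        "sub": "repo:acme/api:ref:refs/heads/main",
        "repository": "acme/api",
        "run_id": "1234567890",
        "exp": int((now + timedelta(minutes=5)).timestamp()),
    }
    approved = broker.request(claims, "prod-db-password", now)   # the one approved credential
    other = broker.request(claims, "staging-db-password", now)   # same job, unapproved credential
    pr_run = broker.request({**claims, "sub": "repo:acme/api:pull_request"},
                            "prod-db-password", now)             # same repo, different identity
    return broker, approved, other, pr_run


if __name__ == "__main__":
    broker, approved, other, pr_run = demo()
    for entry in broker.audit_log:
        print(entry)
```

Two design points carry the page's claims: the grant binds a single exact subject to a single credential, so a compromised job can only ever ask for the one thing it was approved for (the "blast radius stops at one credential" property), and the log entry is written on every decision, allowed or denied, naming both the workload (`sub`, `repository`, `run_id`) and the human whose grant authorized it. Signature verification, key rotation via JWKS and the actual secret delivery are outside this sketch.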

Integrations for AI agents and machine workloads
Coming soon: extend the same credential model to every identity in your environment, across humans, machines, and AI agents, through a common identity fabric.