What happened
1Password and OpenAI announced on May 20, 2026, a Model Context Protocol (MCP) server integration that lets OpenAI Codex coding agents access credentials from 1Password vaults at runtime without exposing secret values to prompts, code repositories, terminals, or the model's context window. The 1Password Environments MCP Server for Codex provisions a secure runtime environment where secrets are mounted, used, and discarded, with user authentication required at the moment of access. Developers reference vaulted credentials inside Codex, and the values themselves stay out of code, terminals, and model context. Codex can also be prompted to store newly created credentials directly in 1Password. The system uses a local MCP server connection to the 1Password desktop app, which handles identity, authorization, and secure access; every interaction requires explicit user approval.
Why it matters
AI coding agents require database, API, and deployment pipeline credentials to execute code, and these secrets are typically copied into .env files, hardcoded into repositories, or pasted into prompts, which creates persistent exfiltration risk. The 1Password-OpenAI integration implements a just-in-time credential model: secrets are injected at runtime for authorized processes only, never stored in agent context, and disappear when the process completes. This addresses a structural security gap as agentic development shifts from AI-assisted code writing to AI-executed deployment. The MCP architecture ensures secrets remain end-to-end encrypted in 1Password vaults, with access scoped to specific tasks and users. For organizations adopting AI coding agents, this integration offers a governance model that preserves development velocity without giving up secret management.
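The just-in-time pattern described above, as an added Python example; it is not 1Password's or OpenAI's code. The `secretref://` reference scheme, the in-memory vault, and the `approve` callback are assumptions made for illustration: the secret is resolved only after approval, exists only in the child process's environment, and is redacted from the output handed back to the agent.

```python
import os
import subprocess
import sys

# Constructed stand-in for a vault: maps references to values. In a real
# deployment the lookup would go to a secrets manager after user approval.
_FAKE_VAULT = {"secretref://staging/db/password": "s3cr3t-constructed-value"}


def resolve(reference, approve):
    """Return the secret for a reference, but only if the approval callback agrees."""
    if not approve(reference):
        raise PermissionError(f"access to {reference} was not approved")
    return _FAKE_VAULT[reference]


def run_with_secrets(argv, env_refs, approve):
    """Run argv with secrets present in the child's environment only.

    env_refs maps environment variable names to references. Returns
    (exit_code, output) with every resolved value redacted, so the text
    returned to the agent never contains a secret.
    """
    secrets = {name: resolve(ref, approve) for name, ref in env_refs.items()}
    child_env = {**os.environ, **secrets}  # the parent's os.environ is not modified
    try:
        proc = subprocess.run(argv, env=child_env, capture_output=True, text=True)
        output = proc.stdout + proc.stderr
        for value in secrets.values():
            output = output.replace(value, "[REDACTED]")
        return proc.returncode, output
    finally:
        # Drop our references once the process has finished. Python cannot
        # guarantee the underlying string memory is wiped.
        secrets.clear()
        child_env.clear()


if __name__ == "__main__":
    # The child deliberately echoes its secret to show the redaction step.
    child = [sys.executable, "-c",
             "import os; print('pw=' + os.environ['DEMO_DB_PASSWORD'])"]
    refs = {"DEMO_DB_PASSWORD": "secretref://staging/db/password"}
    print(run_with_secrets(child, refs, approve=lambda ref: True))
```

Exact-match redaction does not catch a secret the child prints in encoded or transformed form, so output filtering is a backstop and not a substitute for keeping values out of agent-visible channels.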
Applicability
This applies to development teams using AI coding agents (Codex, Cursor, similar) that execute code against production or staging infrastructure. It is particularly relevant for startups and scale-ups where developers use AI agents for deployment automation, API integration, and infrastructure configuration. Security and platform engineering teams should evaluate whether current coding-agent workflows expose credentials in prompts, local files, or repositories, and whether just-in-time secret provisioning can replace static credential storage.