SECURITY
Cybersecurity and password service provider 1Password LLC today expanded its collaboration with OpenAI Group PBC, releasing a Model Context Protocol server that lets the Codex coding agent pull credentials from 1Password vaults at runtime without exposing them to prompts, code or model context.
The 1Password Environments MCP Server for Codex provisions a secure runtime environment in which secrets are mounted, used and discarded, with user authentication required at the moment of access. Developers reference vaulted credentials inside Codex, but the actual values never appear in code, terminals, or the model’s context window.
The release continues a push by 1Password to position itself as the access layer for agentic development. The company has shipped similar integrations over the past year for Cursor, Browserbase and Perplexity AI Inc.’s Comet browser, all built around the same just-in-time pattern of issuing short-lived credentials that disappear once the task completes.
The problem the integration targets is well documented. Codex and competing coding agents need access to databases, application programming interfaces and deployment pipelines to do useful work, and in practice that access is often granted by pasting credentials into local files, dropping them into prompts, or hardcoding them into repositories where they can be exfiltrated. Long-lived secrets sitting in those locations have been the root cause of multiple high-profile breaches.
According to the company, the new MCP server addresses that pattern in three ways. First, Codex can be instructed to use 1Password to store any credentials it needs to create or handle. Second, developers can reference vaulted secrets inside Codex without those values surfacing in code, terminals, or model context. Third, hardcoded credentials in existing projects can be replaced with vaulted references, moving secrets out of repositories entirely.
“As coding agents take on more of the software development lifecycle, the question isn’t whether to give them access, but how,” said Chief Technology Officer Nancy Wang. “A credential that persists is already compromised. That’s why just-in-time credentials are the only viable security model for AI-native development.”
OpenAI framed the integration as a way to keep agent velocity from outrunning enterprise security controls. “As developers bring coding agents into real software workflows, secure access to credentials is critical,” said Nick Steele, who works on agent security at OpenAI. “1Password’s MCP server for Codex helps teams give agents the access they need at runtime, without copying credentials into prompts, local files, or repositories.”
1Password said the Codex integration fits into its broader Unified Access platform, introduced in March, which is designed to govern access for human users, machine identities and AI agents through a single identity-first model.
The company’s enterprise vault protects more than 1.3 billion credentials and is used by more than 1 million developers and 180,000 businesses, including Asana Inc., Figma Inc., GitHub Inc., Stripe Inc. and Wiz Inc.