1Password expands OpenAI Codex deal for secure credentials

1Password has expanded its collaboration with OpenAI with a new Codex integration aimed at helping developers use credentials in coding workflows without exposing secrets to the model.

The product, called the 1Password Environments MCP Server for Codex, lets developers approve credential use within their workflow while keeping those credentials out of prompts, code and model context.

The announcement addresses a growing challenge for software teams as AI coding agents take on a larger role in writing, executing and preparing code for production. Those agents often need access to databases, application programming interfaces and deployment pipelines, creating security risks when credentials are copied into local files, pasted into prompts or hardcoded into repositories.

Under the integration, secrets remain stored in 1Password and are injected at runtime into an authorised process after user authentication or approval. The credentials are not written to disk and remain available only for the duration of the execution or session, according to the companies.

The approach is intended to reduce the risk of credentials being exposed through the model itself or left behind in codebases and developer tools. It also moves credential handling into the same environment where developers already use AI assistants.

The integration lets teams prompt Codex to use 1Password and the MCP server to store the credentials it needs, reference vaulted credentials without exposing their values in code or terminals, and replace hardcoded credentials with vaulted references.

The partnership also gives OpenAI a security option for customers trying to deploy coding agents in live development environments. As developers adopt AI tools more widely, identity and security providers have been building controls around how autonomous or semi-autonomous systems access sensitive systems and data.

1Password positioned the integration as part of a broader effort to act as a central control point for access by both humans and AI agents. Its platform is intended to govern what different identities can access and under what conditions.

In software development, the practical issue is straightforward. AI agents may need temporary access to a cloud service, a test database or a deployment tool to complete a task, but many existing workflows still rely on static credentials that can be copied, reused or leaked.

Security specialists have increasingly warned that embedding secrets in prompts, repositories or local environments creates lasting exposure risk, especially as AI tools become more embedded in daily engineering work. By limiting credentials to approved runtime sessions, companies are trying to reduce that exposure without preventing developers from using AI systems in routine tasks.

1Password said more than 1 million developers and over 180,000 businesses use its products. Its enterprise vault, it added, protects more than 1.3 billion credentials and secrets.

OpenAI highlighted the need for tighter controls as coding agents move into production workflows.

"As developers bring coding agents into real software workflows, secure access to credentials is critical," said Nick Steele, Agent Security, OpenAI. "1Password's MCP server for Codex helps teams give agents the access they need at runtime, without copying credentials into prompts, local files, or repositories. That's the kind of security that simplifies agentic development, empowering teams to ship faster while keeping sensitive credentials protected."

1Password Chief Technology Officer Nancy Wang said the security model for AI-native development needs to centre on temporary rather than persistent credentials.

"As coding agents take on more of the software development lifecycle, the question isn't whether to give them access, but how," Wang said. "A credential that persists is already compromised. That's why just-in-time credentials are the only viable security model for AI-native development."