1password-secret-references
1Password Secret References
Why this skill exists
Coding agents default to the path of least resistance with secrets — resolving them into
shell variables, printing them to stdout, or writing them to files. This leaks secrets into
terminal scrollback, shell history, the agent's context window, and process tables. This
skill enforces a single principle: secrets are resolved only inside the op run subprocess
boundary, never in the agent's visible shell.
Prerequisites
- 1Password desktop app installed and running
- 1Password CLI (op) installed and available on PATH
- Biometric unlock enabled (the desktop app authenticates the CLI)
Do not attempt to handle authentication yourself — no session tokens, no op signin, no
credentials. If an op run command fails with an authentication error, tell the user:
"Please unlock your 1Password desktop app so the CLI can authenticate via biometric."
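One way to check a proposed command against the principle above before it runs. This is an added example, not code from the skill itself. The classify_cmd function, its rule set and the app.env / op://dev/db/password names are assumptions made for illustration, and the matching is simple substring rules rather than a full shell parser.

```shell
#!/bin/sh
# Added example: classify a command line an agent proposes to run.
# Intended pattern (constructed names): app.env holds references only, e.g.
#   DB_PASSWORD=op://dev/db/password
# and the process is started with:  op run --env-file=app.env -- ./server

# classify_cmd CMD -> prints "allow", "ok" (no op use) or "deny:<reason>"
classify_cmd() {
  padded=" $1 "
  case $padded in
    # $(op ...) or `op ...`: the value lands in a shell variable or argv
    *'$(op '*|*'`op '*)
      echo "deny:command-substitution"; return 1 ;;
    # op read prints the resolved value to stdout
    *' op read '*)
      echo "deny:op-read"; return 1 ;;
    # op inject writes resolved values to stdout or a file
    *' op inject '*)
      echo "deny:op-inject"; return 1 ;;
    # the page forbids handling authentication by hand
    *' op signin '*)
      echo "deny:manual-auth"; return 1 ;;
    # op run masks secrets in subprocess output unless --no-masking is set;
    # flagged conservatively wherever it appears after "op run"
    *' op run '*'--no-masking'*)
      echo "deny:no-masking"; return 1 ;;
    # references are resolved only inside the op run child process
    *' op run -- '*|*' op run '*' -- '*)
      echo "allow"; return 0 ;;
    *)
      echo "ok"; return 0 ;;
  esac
}

# Constructed sample commands
for c in \
  'op run --env-file=app.env -- ./server' \
  'export DB_PASS=$(op read op://dev/db/password)' \
  'op run --no-masking --env-file=app.env -- ./server'
do
  printf '%s => %s\n' "$c" "$(classify_cmd "$c")"
done
```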