1Password becomes a trusted access layer for Codex, issuing credentials just-in-time while keeping them outside the model’s context window
TORONTO--(BUSINESS WIRE)--1Password, a leader in identity security, today announced an expanded collaboration with OpenAI to secure Codex access to credentials. With the new 1Password Environments MCP Server for Codex, developers can grant Codex access to credentials directly inside their coding workflows while keeping secrets out of prompts, code, and model context.
“As coding agents take on more of the software development lifecycle, the question isn't whether to give them access, but how,” said Nancy Wang, CTO of 1Password. “A credential that persists is already compromised. That’s why just-in-time credentials are the only viable security model for AI-native development.”
Trusted Access for Codex, Built Into the Developer Workflow
Codex is helping developers write, execute, and prepare code for production. As AI agents play a larger role in the development process, they require access to credentials for databases, APIs, and deployment pipelines. Today, that access is often managed by copying credentials into local files, passing them through prompts, or hardcoding them into repositories where they can be easily exfiltrated.
The 1Password Environments MCP Server for Codex ensures secrets never leave 1Password. Instead, secrets are injected at runtime into an authorized process (after user authentication or approval), and aren’t written to disk; they’re only available for the duration of that execution or session. The integration enables teams to:
- Catch secrets at the source: Codex can be prompted to use 1Password and the 1Password MCP server to store credentials that it must use.
- Use secrets without seeing them: Developers reference vaulted credentials inside Codex without the values ever appearing in code, terminals, or model context.
- Keep secrets outside of code: Replace every hardcoded credential with a vaulted reference, so secrets live in 1Password instead of in code repositories or Codex.
“As developers bring coding agents into real software workflows, secure access to credentials is critical,” said Nick Steele, Agent Security at OpenAI. “1Password's MCP server for Codex helps teams give agents the access they need at runtime, without copying credentials into prompts, local files, or repositories. That’s the kind of security that simplifies agentic development, empowering teams to ship faster while keeping sensitive credentials protected.”
Advancing Unified Access for the Agentic Enterprise
The 1Password Environments MCP Server for Codex integration reflects how 1Password is helping organizations establish a single source of truth for what people and AI agents are allowed to access, and under what conditions. The 1Password® Unified Access platform is built to be that source, governing access for humans, AI agents, and machine identities through the same identity-first model.
About 1Password
1Password is redefining identity security for how people and AI agents work today. The 1Password® Unified Access platform discovers and secures identities and credentials, authorizes just-in-time access, and audits actions across human and AI agents. 1Password SaaS Manager helps organizations discover and secure access to SaaS applications while optimizing spend. 1Password’s enterprise vault protects more than 1.3 billion credentials and secrets and is trusted by more than 1 million developers and over 180,000 businesses, including Asana, Canva, Cresta, Dust, Figma, GitHub, HackerOne, Hugging Face, MongoDB, Notion, Salesforce, SandboxAQ, Stripe, and Wiz. Learn more at 1Password.com.
Read More:
How AI Agents for Detection Optimization Strengthen Security?
