> ## Documentation Index
> Fetch the complete documentation index at: https://docs.enkryptify.com/llms.txt
> Use this file to discover all available pages before exploring further.

# 1Password

<AccordionGroup>
  <Accordion title="Prerequisites" icon="list-check">
    * An Enkryptify workspace with admin access
    * A 1Password account with permission to create service accounts
    * A 1Password vault that the service account can access
    * A 1Password service account token with item read and write permissions
  </Accordion>

  <Accordion title="Permissions" icon="scroll-text">
    Enkryptify connects to 1Password with the service account token you provide during setup. The token is encrypted and reused when you create additional 1Password syncs.

    * The service account must be able to:
      * List the vaults it can access
      * List items in the selected vault
      * Create and update items in the selected vault
      * Delete items in the selected vault when using individual item mode and deleting Enkryptify secrets

    > 1Password service accounts cannot access built-in Personal, Private, Employee, or default Shared vaults. Create or select a vault that can be granted to the service account.
  </Accordion>

  <Accordion title="Storage modes" icon="database">
    The 1Password sync supports two storage modes:

    * **Individual items** — each Enkryptify secret is written as its own 1Password Password item. You can optionally add a title prefix.
    * **Secure Note** — all Enkryptify secrets are written to one Secure Note as `.env` content. You can select an existing Secure Note or let Enkryptify create one.
  </Accordion>
</AccordionGroup>

## Steps to complete

<Steps>
  <Step title="Create a new sync">
    * Go to the `Syncs` tab of your project and click on `1Password`.
  </Step>

  <Step title="Create a 1Password service account">
    <ul>
      <li>Sign in to your 1Password account in the browser.</li>
      <li>Open the Developer area.</li>
      <li>Create a new service account.</li>
      <li>Grant it access to the vaults you want Enkryptify to sync to.</li>
      <li>Give it item read and write permissions for those vaults.</li>
    </ul>
  </Step>

  <Step title="Copy the service account token">
    <ul>
      <li>Copy the token shown by 1Password.</li>
      <li>Store the token securely. 1Password only shows it once.</li>
    </ul>
  </Step>

  <Step title="Authenticate in Enkryptify">
    <ul>
      <li>Paste the service account token into Enkryptify.</li>

      <li>
        Enkryptify validates the token by listing the vaults available to the
        service account.
      </li>
    </ul>
  </Step>

  <Step title="Select a 1Password vault">
    <ul>
      <li>Choose the vault that should receive your synced secrets.</li>
      <li>Only vaults available to the service account are shown.</li>
    </ul>
  </Step>

  <Step title="Choose a storage mode">
    <ul>
      <li>
        Choose <code>One 1Password item per secret</code> to keep every secret
        as a separate 1Password item.
      </li>

      <li>
        Choose <code>All secrets in one Secure Note</code> to write all secrets
        to one <code>.env</code>-style Secure Note.
      </li>
    </ul>
  </Step>

  <Step title="Configure the destination">
    <ul>
      <li>For individual item mode, optionally enter an item name prefix.</li>

      <li>
        For Secure Note mode, choose an existing Secure Note or choose to create
        a new one.
      </li>
    </ul>
  </Step>

  <Step title="Link an Enkryptify environment">
    <ul>
      <li>Choose the Enkryptify environment to sync from.</li>

      <li>
        Secret names and shared values from this environment will be written to
        the selected 1Password destination.
      </li>
    </ul>
  </Step>
</Steps>