Why 1Password CLI fails for developers

· Tech

TLDR: 1Password is great for personal passwords but bad for dev secrets. No project structure, biometric prompt fatigue, opaque approval popups (and this is fundamentally hard to fix), all-or-nothing account access. Keep 1Password for personal stuff. Use Infisical for dev secrets.


1Password is a great password manager. I use it daily for browser logins, 2FA, SSH keys, and credit cards. But its developer CLI (op read, op run) has real problems for multi-project work.

No project structure

1Password has vaults and items. No projects. Environments exist in beta, but the CLI workflow still lacks the project/environment hierarchy that multi-app development needs. When you work on multiple apps with dev/staging/production environments, you end up with names like my-project-staging-db-password with custom fields. No enforced naming. Every developer invents their own convention.

Biometric prompt fatigue

Each op read inside an active session reuses a time-limited, terminal-scoped authorization. But sessions expire, every new terminal window needs its own approval, and a script that makes many sequential op calls still produces repeated prompts. You stop reading what you approve. You just tap. The security benefit disappears.

Developers have complained repeatedly.

You don’t know what is requesting your secrets

The popup shows “iTerm2 wants to access your 1Password account.” Not which secret. Not which command. Was it git push or a malicious npm script?

I understand why this is hard to fix. To show the real command, 1Password would need to inspect the calling process tree (/proc/PID/cmdline, /proc/PID/comm and the parent chain in /proc/PID/stat on Linux; the KERN_PROCARGS2 sysctl on macOS). But everything in that tree is reported by, and writable by, the process being inspected. A malicious process can fork, rename itself with prctl(PR_SET_NAME), or overwrite its own argv so the kernel reports a different command line. Even binary signature verification fails when a legitimately signed node runs a compromised package: the signed binary is honest, the code it executes is not.
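To make the "hard to fix" point concrete, here is an added example (not code from the post or from 1Password) that does on Linux what a caller-aware prompt would have to do: read comm, cmdline and the parent chain out of /proc for the requesting process. It then shows how cheaply the requesting process can rewrite two of those three facts about itself. The function names (walk_process_tree, spoof_comm, rewrite_cmdline) are illustrative, it assumes a Linux /proc filesystem, and the cmdline rewrite assumes the kernel exposes arg_start/arg_end in /proc/self/stat; macOS has the same problem through a different API.

```python
"""Added example: what a 'which command asked for this secret?' prompt could
learn from /proc on Linux, and how the asking process can lie about it.

Assumptions (not from the original post): Linux with /proc mounted; the
helper names below are illustrative and belong to no real tool."""
import ctypes
import os

PR_SET_NAME = 15  # prctl(2) request: set the name shown in /proc/PID/comm


def read_stat(pid):
    """Parse the /proc/<pid>/stat fields a caller-inspection prompt would rely on.
    comm sits in parentheses and may itself contain spaces, so split on the last ')'."""
    with open(f"/proc/{pid}/stat", "rb") as f:
        raw = f.read()
    head, _, rest = raw.rpartition(b")")
    comm = head.split(b"(", 1)[1].decode(errors="replace")
    fields = rest.split()  # fields[0] is field 3 (state); field N is fields[N-3]
    return {
        "pid": pid,
        "comm": comm,
        "ppid": int(fields[1]),                                     # field 4
        "arg_start": int(fields[45]) if len(fields) > 46 else 0,    # field 48
        "arg_end": int(fields[46]) if len(fields) > 46 else 0,      # field 49
    }


def read_cmdline(pid):
    """argv as the kernel currently reports it (NUL-separated)."""
    with open(f"/proc/{pid}/cmdline", "rb") as f:
        return [a.decode(errors="replace") for a in f.read().split(b"\0") if a]


def walk_process_tree(pid=None):
    """Return [requester, parent, grandparent, ...]: the evidence a prompt would have
    to trust. Every field except the pid itself is controlled by the process it describes."""
    pid = os.getpid() if pid is None else pid
    chain, seen = [], set()
    while pid > 0 and pid not in seen:
        seen.add(pid)
        try:
            st = read_stat(pid)
        except OSError:
            break  # process exited or /proc is mounted with hidepid
        try:
            cmdline = read_cmdline(pid)
        except OSError:
            cmdline = []
        chain.append({"pid": pid, "comm": st["comm"], "cmdline": cmdline})
        pid = st["ppid"]
    return chain


def spoof_comm(name):
    """Rename the current process: ps, top and /proc/PID/comm now show `name`.
    Returns the name the kernel reports afterwards."""
    libc = ctypes.CDLL(None, use_errno=True)
    name_b = name.encode()[:15]  # the kernel keeps 15 bytes plus a NUL
    if libc.prctl(PR_SET_NAME, name_b, 0, 0, 0) != 0:
        raise OSError(ctypes.get_errno(), "prctl(PR_SET_NAME) failed")
    return read_stat(os.getpid())["comm"]


def rewrite_cmdline(argv):
    """Overwrite our own argv region on the stack (the setproctitle trick) so
    /proc/self/cmdline reports `argv`. Returns what the kernel now reports."""
    st = read_stat(os.getpid())
    if st["arg_start"] == 0 or st["arg_end"] <= st["arg_start"]:
        raise OSError("this kernel does not expose arg_start/arg_end")
    room = st["arg_end"] - st["arg_start"]
    payload = b"\0".join(a.encode() for a in argv) + b"\0"
    if len(payload) > room:
        raise ValueError(f"new cmdline ({len(payload)} bytes) exceeds argv region ({room})")
    payload = payload.ljust(room, b"\0")  # NUL-pad so every argument is cleanly terminated
    ctypes.memmove(st["arg_start"], payload, room)
    return read_cmdline(os.getpid())


if __name__ == "__main__":
    for p in walk_process_tree():
        print(p["pid"], p["comm"], " ".join(p["cmdline"]))
    print("comm now:", spoof_comm("git"))
    try:
        print("cmdline now:", rewrite_cmdline(["git", "push"]))
    except (OSError, ValueError) as e:
        print("cmdline rewrite unavailable:", e)
```

Run it and the first lines are what a prompt could honestly display; after the two spoofing calls the same process reports itself as git push. The one thing the process cannot forge is /proc/PID/exe, but in the compromised-npm-package case that just says node, which is exactly the signature-verification gap described above.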

1Password’s own team acknowledges this: there is not a lot any application can do to eliminate this risk. On macOS, apps that have been granted accessibility permissions can synthesize the click that approves the prompt, bypassing it entirely.

The real solution is not a better popup. It is keeping secrets away from untrusted processes. See Why AI agent permissions don’t work and Choosing an AI sandbox.

All-or-nothing access

When you authorize the CLI, it gets access to your entire account: every vault you can read, not just the one the current project needs. A compromised terminal session can read every secret you have.

op run loads all referenced secrets as environment variables at once. You cannot load secrets on demand. If different parts of a script reference different vaults and not every team member can read all of them, the whole command fails for those members, because every op:// reference is resolved up front before the command starts.

What 1Password does well

Keep using it for: browser passwords, 2FA codes, SSH keys (via 1Password SSH agent), credit cards, secure notes. These are human-facing features and 1Password is the best at them.

What to use instead for dev secrets

A purpose-built secrets manager. I chose Infisical.