1Password has announced an expanded collaboration with OpenAI to protect credentials in the Codex app.
With 1Password Environments MCP Server for Codex, developers can now grant Codex access to credentials directly inside their coding workflows while keeping secrets out of prompts, code and model context.
“As coding agents take on more of the software development lifecycle, the question isn’t whether to give them access, but how,” said Nancy Wang, CTO of 1Password. “A credential that persists is already compromised. That’s why just-in-time credentials are the only viable security model for AI-native development.”
Codex is helping developers write, execute and prepare code for production. As AI agents play a larger role in the development process, they require access to credentials for databases, APIs and deployment pipelines. Today, that access is often managed by copying credentials into local files, passing them through prompts or hardcoding them into repositories where they can be easily exfiltrated.
The 1Password Environments MCP Server for Codex provides enhanced security by injecting secrets into an authorized process at runtime, after user authentication or approval.
The integration enables teams to:
- Catch secrets at the source: Codex can be prompted to use 1Password and the 1Password MCP server to store credentials that it must use.
- Use secrets without seeing them: Developers reference vaulted credentials inside Codex without the values ever appearing in code, terminals or model context.
- Keep secrets outside of code: Replace every hardcoded credential with a vaulted reference, so secrets live in 1Password instead of in code repositories or Codex.
“As developers bring coding agents into real software workflows, secure access to credentials is critical,” said Nick Steele, agent security at OpenAI. “1Password’s MCP server for Codex helps teams give agents the access they need at runtime, without copying credentials into prompts, local files, or repositories. That’s the kind of security that simplifies agentic development, empowering teams to ship faster while keeping sensitive credentials protected.”
