Integrations/1Password

Control what your AI agents do in 1Password.

Let your team build AI agents for 1Password. Bollard AI controls what each one can do, vault by vault.

1Password
Secrets Agent
CI vault VaultOffReadFull use
Shared vault VaultOffReadFull use
Founders vault VaultOffReadFull use
Download and reveal secrets
What agents can do

Set what each agent can do in every vault.

Each vault gets one of three levels: Off, Read, or Full use. Anything not allowed is denied.

Off
No access
The agent can't see the vault or that it exists.
Read
Read-only
The agent can read the list of items in that vault. It can't change anything.
Full use
Create and update
The agent can create and update items in that vault.

Some actions stay off until explicitly turned on

Each one exposes a secret in full or removes it for good, so it could override the limits set on individual vaults.

Downloading or revealing a stored secretDeleting itemsDownloading files attached to items
Set up & manage

Connect once. Manage everyone from there.

Connect once, then control access person by person. No new keys to hand out.

Step 1 · Set up

Connect once, company-wide

An admin connects your company's 1Password a single time and chooses which vaults it covers. Any vault left out stays out of reach for every agent.

Step 2 · Manage

Control access per person and agent

From one dashboard, set what every person and their agents can reach. Change it any time, with no new keys for anyone.

OffNo access
ReadRead-only
Full useRead, create, and update items in a single vault
Example

A deployment secrets agent.

A secrets agent creates and updates items in the CI vault and can list the Shared vault, but it can't open the Founders vault or reveal a stored secret.

CI vault VaultOffReadFull use
Shared vault VaultOffReadFull use
Founders vault VaultOffReadFull use

Manage access

ALLOWEDSecrets Agent created an item in the CI vault
ALLOWEDSecrets Agent listed the Shared vault
BLOCKEDSecrets Agent tried to open the Founders vault, denied by default

Monitor activity

The security model

Top-tier security.

Bollard AI is access control for AI agents. It sits between your agents and 1Password, so they never hold your 1Password keys and never reach 1Password directly.

Everything runs through Bollard AI

Agents send their requests to Bollard AI, not to 1Password. Bollard AI checks each one against your rules and passes only the allowed requests through.

Denied by default

Every vault starts off-limits, and revealing a stored secret is held back on top of that. An agent gets in only where you've allowed it, and anything Bollard AI doesn't recognise is refused and held for review, never waved through on a guess.

Your keys stay sealed

Your 1Password keys are sealed in a vault unique to your company and never shown again. Bollard AI unlocks them only for the instant an allowed request needs it.

Activity you can read

Every attempt is recorded in plain English: who or which agent, what they tried, which vault or item, and the decision. The record is readable and can't be edited after the fact.

Questions

1Password, answered.

Does connecting 1Password hand Bollard AI every vault?+
Only what's connected. An admin chooses which vaults Bollard AI covers, and that sets the most any agent could reach. Bollard AI doesn't browse or copy your vaults. It sits in front of them and checks every request the agents make, passing or blocking each one.
Can an agent read our actual passwords and secrets?+
Not unless you turn it on. Revealing or downloading a stored secret is held off by default, so an agent can create and list items in the vaults you allow without ever seeing a secret in full, until you explicitly allow it.
Can an agent see more than the person who owns it?+
No. An agent reaches only what its owner reaches. An explicit Off always overrides an inherited permission.
Where do our 1Password keys live?+
Sealed in an encrypted vault, behind a key unique to your company. It's never shown again once connected, and Bollard AI unseals it only for the instant an allowed request needs it.
What happens when an agent tries something it's not allowed to do?+
Bollard AI blocks the request before it reaches 1Password, and the blocked attempt lands in the activity record with the reason.
How do we connect 1Password?+
An admin connects the company's 1Password once. Bollard AI seals the connection and builds the list of vaults to set rules for. From then on, all management happens in the Bollard AI dashboard.
Early access

Put your team's agents to work in 1Password, without the risk.

We're onboarding our first development partners now. Tell us about your setup and we'll be in touch.