1Password has teamed with OpenAI to address credential leakage in AI coding workflows, introducing a just-in-time credential model for OpenAI Codex designed to keep secrets out of prompts, code, repositories, terminals, and the model’s context. The collaboration launches an Environments MCP Server for Codex that gives Codex access to credentials directly inside development workflows while ensuring they never appear in prompts or in the code or model context.
CREDENTIALS are issued just-in-time and scoped to the task, with end-to-end encryption and centralised management, and access limited to authorised users and groups. At runtime, 1Password injects the required variables directly into the application process when it runs, with secrets existing only in memory for the duration of the process and never leaving the secure vault.
The approach aims to avoid persistent secrets and reduces risk by ensuring the credential lifecycle is tightly controlled, audited, and overseen by security teams as coders work across the software development lifecycle. The report is by Kevin Townsend and dated 20 May 2026.