Manage Connect servers
A Connect server is a type of Secrets Automation workflow that allows you to securely access your 1Password items and vaults in your company's apps and cloud infrastructure using a private REST API provided by 1Password Connect Server.
You can use 1Password.com or the Connect REST API to:
- Control which team members and applications have access to which Connect server tokens.
- Monitor and audit access and item usage.
- Secure applications by choosing when Connect server tokens expire.
- Create and revoke Connect server tokens.
Manage permissions
With 1Password Business or 1Password Teams, you can manage Connect server permissions with groups, or more granularly, with environments. This allows for enforcement of security best practices. Learn more about Connect security.
You can also manage group access using automated provisioning.
Manage global permissions
Groups allow you to specify one or more users who can access Connect servers.
To assign groups (such as Owners and Administrators) to manage Connect servers:
- Sign in to your account on 1Password.com and select Developer Tools in the sidebar.
- Select Permissions from the top navigation bar, then select Secrets Automation.
- In the Managers section, select Manage, then choose the groups you want to manage Connect servers.
- Select Update Groups.
Manage environment permissions
Environments allow you to override global permissions (with groups) for a specific Connect server environment.
To assign groups (such as Owners and Administrators) to manage a specific Connect server:
- Sign in to your account on 1Password.com and select Developer Tools in the sidebar.
- Select Permissions from the top navigation bar, then select Secrets Automation.
- In the Environments section, select Manage.
- In the Permissions section, select Manage, then choose the groups you want to manage Connect servers in the environment.
- Select Update Groups.
Manage access tokens
Secrets automation access tokens are also called Connect server tokens. The following sections show how to manage Connect server tokens:
When you create or revoke a Connect server token, the number of vault access credits for that environment updates to reflect current usage. Learn more about Secrets Automation billing.
Create a token
To create a Connect server token:
- Sign in to your account on 1Password.com and select Developer Tools in the sidebar.
- Choose the Secrets Automation environment where you want to create a Connect server token.
- Select New Token.
- Follow the onscreen instructions to issue an access token.
You can't edit the vaults a token can access after you create it. If you want to change the vaults a token can access, you must revoke the token and create a new one.
Set a token expiration
You can set token expiration time of 30, 90, or 180 days when you create a Connect server token. When the expiration time elapses, 1Password revokes the Connect server token.
To set a token expiration date:
- Sign in to your account on 1Password.com and select Developer Tools in the sidebar.
- Choose the Secrets Automation environment where you want to create a Connect server token.
- Select New Token.
- Set the "Expires After" to 30 days, 90 days, or 180 days.
- Continue with the onscreen instructions.
Revoke a token
To revoke a Connect server token:
- Sign in to your account on 1Password.com and select Developer Tools in the sidebar.
- Choose the Secrets Automation environment where you want to manage Connect server tokens.
- Select next to the token you want to revoke, then select Revoke.
Rename a token
To rename a Connect server token:
- Sign in to your account on 1Password.com and select Developer Tools in the sidebar.
- Choose the Secrets Automation environment where you want to manage Connect server tokens.
- Select next to the token you want to rename, then select Rename and enter a new name.
Grant or revoke access to vaults
To grant or revoke access to vaults:
- Sign in to your account on 1Password.com and select Developer Tools in the sidebar.
- Choose the Secrets Automation environment where you want to grant or revoke access to vaults.
- In the Vaults section, select Manage and choose the vaults you want to add or remove.
- Select Update Vaults.
When you grant or revoke access to vaults in a Secrets Automation environment, the number of vault access credits for that environment also changes. Learn more about Secrets Automation billing.
Monitor item usage
Connect servers send reports about item usage to the 1Password server every time an item is accessed so you can monitor item usage.
Item usage information might take a few hours to sync with 1Password.com.
To view item usage for a Connect server:
- Sign in to your account on 1Password.com and select Developer Tools in the sidebar.
- Choose the Secrets Automation environment (Connect server) you want to monitor.
- Under Version, select More Actions > View Item Usage Report.
For more information, visit Create reports in 1Password Business.
About Connect server item usage
Items accessed through a Connect server update specific fields in the following manner:
- The Action field in the report always shows Display.
- The Used by field always includes the name of the Connect server instance (not the Connect server token).
Connect servers only report item usage when they have a working connection to the 1Password server. If a Connect server can't reach the 1Password server (for example, when it updates or restarts), it might lose item usage information from that time period.
Item usage reporting continues when the Connect server has a working connection to the 1Password server again.