AI agents now write code, fix bugs, and ship to production. But in order to do useful work, agents require credentials. At 1Password, one of our core AI security principles is that raw credentials should never be directly exposed to LLMs, but all too often, that’s exactly what happens: most teams sacrifice security for speed and hand agents secrets in plaintext.
The shortcuts behind that tradeoff predate agentic development: secrets packed into an .env file, a script with hardcoded keys, a config file committed to a repo. But agentic development exponentially increases the blast radius of an exposed or misused credential, since anything in an agent's context window can be logged, echoed into output, or surfaced by an agent that's been manipulated into revealing it. Solving this tension means giving agents the access they need without directly exposing credentials to the model context.
Today we're expanding the 1Password MCP Server to Kiro, making 1Password the trusted access layer for AI-powered development in Kiro. With this integration, credentials are issued at runtime, scoped to the assigned task, and never enter the model's context window. Agents get the access they need, and secrets stay where they belong.
Kiro is a software development agent, available in IDE, CLI or web experiences, bringing engineering rigor to AI-native coding via spec driven development and property-based testing. This integration connects Kiro directly to 1Password Environments using a local MCP server packaged inside our Password Manager
With this integration, developers can:
Configure environments securely inside Kiro. Ask Kiro to create and configure an environment, then run applications using secrets stored in 1Password Environments instead of plaintext .env files, all without leaving Kiro.
Clean up hard-coded secrets. Have Kiro find credentials in source code, move them into 1Password Environments, and replace them with references, which cuts down secret sprawl across projects.
Give AI workflows scoped, runtime access. Credentials are issued for the assigned task only. When the task ends, the window closes, and the credential can no longer be used for access. Centralized credential management in 1Password stays intact throughout.
That third capability is the one that matters most: access granted at the moment of need, scoped to the task, gone when the work is done. It's how all access should work as agents take on more of the job, whether the requester is a developer, a CI/CD pipeline, or an agent acting on someone's behalf. The principle that governs an agent touching production infrastructure governs the agent in your IDE.
For engineering and security teams, the administrative picture doesn't change. High-value credentials stay under centralized control in 1Password, so teams can support Kiro adoption without loosening governance. The secure path here is also the easy path, and that's a deliberate design choice. Developers will adopt this workflow because asking Kiro to use 1Password Environments is less work than manually managing .env files. That's the security philosophy 1Password has had for twenty years: security wins when people choose it, and people choose what removes friction.
When we launched the 1Password Environments MCP Server with OpenAI Codex, we called it a proof point for a broader thesis: coding agents are the leading edge of AI agents joining the workforce, and they need real access, governed properly. Kiro is the second proof point, built on the same architecture and the same access model.
As AI-native development tools multiply and demand credentials, we will extend the architecture underneath this integration to new solutions. Whether developers are working in Codex, Kiro, or whatever ships next, the access model doesn't change: 1Password is the source of truth for secrets, credentials are issued at runtime, nothing in plaintext in the model context.
"Kiro is designed to help developers move from idea to production-ready software with AI assistance grounded in specifications and structured workflow. By bringing secure access to secrets and environment variables directly into Kiro, 1Password is helping developers confidently adopt AI-assisted workflows while keeping credentials secure and under their control."
--Mark Relph, Managing Director, Data & AI Partners at AWS
"Developers shouldn't have to choose between adopting AI-powered tools and strong security practices and neither should their agents. Every place software gets built is now a place an AI agent needs access. Our answer is the same everywhere: credentials stay protected in 1Password and are issued at runtime, scoped to the task, with nothing left in plaintext for a model to see. Kiro extends that model from Codex to another surface where developers actually work, and it's a preview of how we think all agent access will operate."
--Jeff Malnick, VP and GM for AI & Developer at 1Password
This launch is one piece of a larger integration footprint across AWS. 1Password already secures access across AWS environments through Amazon Nova Act, the
This integration is available to joint 1Password and Kiro customers on 1Password business and personal accounts with access to our Password Manager and developer tools on macOS.
To get started, visit Kiro powers or