Using 1Password to Manage Claude Code API Keys

Like many others, over the past few years I've been experimenting with Claude Code and bringing it more into my workflows. I still prefer to handwrite code but for understanding a tricky bug, giving me feedback on architecture decisions, or doing the simple code review, it has made the process of working mostly solo on projects much more manageable.

One of the things that I discovered just recently is that you can store your API Key in 1Password and have Claude read it at runtime instead of storing it with Claude directly.

Note: This is only useful if you are using the Claude API. If you're using one of the general plans you won't need this flow.

Setup 1Password

To get started the first thing you need to do is download the 1Password CLI tool.

Next you'll need to create a new shell file in your .claude directory that will read your API Key from 1Password. For my purposes I simply called it claude_key.sh which has a single line:

op read "op://MyVault/Claude Code API key/credential"

Make sure to set your new file to be executable so it can actually run the 1Password command:

chmod +x ~/.claude/claude_key.sh

.claude Settings

Lastly, you'll need to open your Claude settings.json file and set the parameter apiKeyHelper to point to this new file on your system.

{ "apiKeyHelper": "./claude_key.sh" }

Done!

That's it! Now launch Claude Code and it'll attempt to read your API Key from 1Password so you'll get asked by 1Password to open your vault. And it will read it this way everytime you start a new session.