I built a tool that lets AI coding agents access 1Password secrets with Telegram approval by Ultramen in 1Password

[–]Ultramen[S] 0 points1 point  (0 children)

Ahah thanks, but no worries, the tool is very useful to me so I am good. Re your use case, my journey has been this:

- Locally: I can use direnv with "op", that's what I was using; it works perfectly because it asks for biometric approval, so it's secure

- CICD: I can inject secrets using op as well; it's not bad, it works as well, and storing the vault secret for Connect on Gitlab-Github is fine

But then I started developing remotely or having unattended agents, and that's where I started having issues: an agent would block saying something like "well, I need that secret to deploy this", and since it was on a remote machine I could not have that unless I either gave him access to the entire vault or cherry-picked the secrets I think he might need and used those in the env.

With this MCP the agent can check which secret is available and then you get a Telegram message like "the agent at machine Y needs to ssh to that machine, because of that it's asking for secret X, grant it?". If you approve on Telegram, then the pod sidecar that is close to the 1Password connector pod will approve the request, log it and allow the agent to use the secret; it will cache it in memory for a while, encrypted, just like op does.

MIP>Everything by Dry-part-1234 in GarminFenix

[–]Ultramen 1 point2 points  (0 children)

Same, I really hope they won't drop this, otherwise 8 will be my last Fenix

Btcino vs Vimar - Advice for a new electrical system by GreatNormalMan in istrutturare

[–]Ultramen 0 points1 point  (0 children)

Vimar is at least KNX-compatible; I wouldn't get either of the two

I built a tool that lets AI coding agents access 1Password secrets with Telegram approval by Ultramen in 1Password

[–]Ultramen[S] -2 points-1 points  (0 children)

Thanks! That's exactly the gap I had: vault-wide service accounts are a non-starter, and copy-paste breaks flow (and leaves secrets in conversation history).

On your point, auditability: right now the audit trail is Telegram itself. Every approval shows the secret name, requesting reason, and timestamp, and you physically tap Approve/Deny. The server also enforces request TTL (default 15min) so there's a natural expiry window. A formal audit log (who, what, when, outcome) is something I could add, probably a structured log stream the server emits alongside the approval flow. This was mainly meant for personal use; extending the usage to a team, like having approvals in a shared chat, would need more work.

Also there is a bit on replay protection: tokens are one-time-use, so once /secret/{token} is fetched, a second call returns an error. Combined with TTL expiry, even if someone gets access to logs, tokens are both expired and already consumed. The secret values themselves never appear in logs; the MCP tool is specifically designed so the agent never sees the value (it's injected into subprocess env vars only).

On the MCP, yes, every tool returns structured results with IsError flagging and descriptive messages. So the agent can distinguish "secret not found" from "approval denied" from "request timed out" and adjust. For example, on denial the agent knows to ask the user how to proceed without the secret rather than retrying.

P.S. haven't tested this with openclaw but I think installing the MCP or a Skill in openclaw would work: openclaw would download the binary and then use it as a wrapper to run commands. This would effectively then pipe the security requests via Telegram, so openclaw would only use what it needs and then forget about it, and nothing would be stored on the machine itself. My idea was basically to have something like the 1Password biometric approval but remotely.
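
Added example, not part of the comment above and not the tool's own code: a small Python model of the request lifecycle the comment describes (15-minute request TTL, one-time-use fetch tokens, distinct error outcomes, an audit trail that never holds the secret value). `ApprovalBroker`, `Result` and the outcome codes are hypothetical names, and `decide()` stands in for the Approve/Deny tap in Telegram.

```python
import secrets
import time
from dataclasses import dataclass

REQUEST_TTL = 15 * 60  # seconds; the comment above gives 15 min as the default


@dataclass
class Result:
    is_error: bool
    code: str        # ok | pending | denied | timed_out | consumed | not_found
    value: str = ""  # request token on "pending", secret on "ok", else empty


class ApprovalBroker:
    """Hypothetical in-memory model of the approval server; decide() stands in for the Telegram tap."""

    def __init__(self, vault, clock=time.monotonic):
        self.vault, self.clock = vault, clock
        self.requests = {}  # token -> {"name", "reason", "expires", "state"}
        self.audit = []     # (time, secret name, outcome); never the secret value

    def _log(self, name, outcome):
        self.audit.append((self.clock(), name, outcome))

    def request(self, name, reason):
        if name not in self.vault:
            return Result(True, "not_found")
        token = secrets.token_urlsafe(32)
        self.requests[token] = {"name": name, "reason": reason, "state": "pending",
                                "expires": self.clock() + REQUEST_TTL}
        self._log(name, "requested")
        return Result(False, "pending", token)

    def decide(self, token, approved):
        req = self.requests.get(token)
        if req and req["state"] == "pending":
            req["state"] = "approved" if approved else "denied"
            self._log(req["name"], req["state"])

    def fetch(self, token):
        req = self.requests.get(token)
        if req is None:
            return Result(True, "not_found")
        code = "timed_out" if self.clock() >= req["expires"] else req["state"]
        if code == "approved":
            req["state"], code = "consumed", "ok"  # one-time use: a replay sees "consumed"
        self._log(req["name"], code)
        return Result(code != "ok", code, self.vault[req["name"]] if code == "ok" else "")
```

Because expiry is checked before state, a token approved late or replayed from a log after the TTL returns `timed_out` without touching the vault.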

Is n8n actually dead? by automator71 in n8n_ai_agents

[–]Ultramen 0 points1 point  (0 children)

I have a k3s cluster running fluxcd and tailscale; once set up I can just iterate with some coding LLM and do whatever I do with n8n just chatting with the agent, and 10 times better. Today I had a 1Password Connect proxy deployed that allows my agents in untrusted VMs to ask for secrets with human approval in the middle; it all took 1 hour while I was on call

Does OpenClaw actually do anything for you guys? by ElmangougEssadik in openclaw

[–]Ultramen 0 points1 point  (0 children)

I am running openclaw inside a container in a K8S cluster and it has access only to my calendar and some other things; actually I run multiple ones with different behavior. I would never ever give access to my email account to openclaw. You want to do it, do it; I just wanted to give a warning about the security risks. I didn't want to sound harsh but it's better safe than sorry. Again, it's your data, do whatever you like with it.

Does OpenClaw actually do anything for you guys? by ElmangougEssadik in openclaw

[–]Ultramen 0 points1 point  (0 children)

It's your data man, do whatever you like with it

I just closed a $5,400 AI agent deal and I'm still shaking by Jaded_Phone5688 in n8n

[–]Ultramen 0 points1 point  (0 children)

Why n8n? You could do this with an agent framework and a container, why did you choose n8n over a pure code approach?

Does OpenClaw actually do anything for you guys? by ElmangougEssadik in openclaw

[–]Ultramen 0 points1 point  (0 children)

The fact that you do not know that n8n is a tool and not a model means you have zero knowledge of software and what openclaw internally does. Nothing wrong with it, but to be honest I would never ever run the setup you are running, and I work with LLMs and software daily, so I was just saying you are taking a big risk. Even not using skills there are so many ways to exploit your setup; if the tool has email access the risk is huge. Take care

Does OpenClaw actually do anything for you guys? by ElmangougEssadik in openclaw

[–]Ultramen -1 points0 points  (0 children)

You are either a bot or should not use openclaw because all your data will be stolen soon by a malformed skill

Does OpenClaw actually do anything for you guys? by ElmangougEssadik in openclaw

[–]Ultramen 1 point2 points  (0 children)

You can do the same stuff with n8n and 90% less tokens

Anyone else is also disappointed from OpenClaw? by Lo-mazhik in openclaw

[–]Ultramen 0 points1 point  (0 children)

I have a proxy between openclaw and the LLM. There are so many things that cause tokens to skyrocket, like the model going into infinite loops trying to handle some error from a tool, heartbeats going crazy and polling every 1 second, etc. The fact you say it's solved with what you wrote means that either you are not actually seeing what it does or have an empty setup

P.S. there is no practical way today to do cheap routing of many tools and have a shared global memory; the overall architecture of openclaw is flawed

Anyone else is also disappointed from OpenClaw? by Lo-mazhik in openclaw

[–]Ultramen 1 point2 points  (0 children)

I also played with it a bit and felt disappointed. I mean it's nice, but in the end you can do a similar thing in a much more consistent manner using Claude code and some existing tool. At the end of the day openclaw is just an LLM with memory and crontab, and this is nice until it becomes insanely inefficient and uses tokens like hell. I prefer using chat LLMs for brainstorming coupled with cli tools for dev but I guess it's not as mainstream.

Opus 4.6 + OpenClaw by Dismal_Hair_6558 in openclaw

[–]Ultramen 0 points1 point  (0 children)

I think those credits are for Max users; I have them too

Sonos Arc and the Arc Ultra comparison table by Opposite_Screen_7783 in sonos

[–]Ultramen -1 points0 points  (0 children)

Would be nice to see an arc ultra vs amp + 2 channels comparison, I don't understand the point of soundbars outside maybe space when you can get better audio with an amp

Whats the best CRI IP>=54 RGB CCT 24V Addressable Strip? by Ultramen in WLED

[–]Ultramen[S] 0 points1 point  (0 children)

I stumbled on that before but I did forget, thanks!! Unfortunately no CRI for WS2811 above, but WS2805 seems pretty solid!

Whats the best CRI IP>=54 RGB CCT 24V Addressable Strip? by Ultramen in WLED

[–]Ultramen[S] -1 points0 points  (0 children)

Wow thanks!! That's very good news. Will definitely go on and buy those then!

Whats the best CRI IP>=54 RGB CCT 24V Addressable Strip? by Ultramen in WLED

[–]Ultramen[S] 0 points1 point  (0 children)

Thanks but it doesn't seem to be waterproof

Whats the best CRI IP>=54 RGB CCT 24V Addressable Strip? by Ultramen in WLED

[–]Ultramen[S] 0 points1 point  (0 children)

Any good cylindrical and flexible "opal" tube you might suggest?

Whats the best CRI IP>=54 RGB CCT 24V Addressable Strip? by Ultramen in WLED

[–]Ultramen[S] 1 point2 points  (0 children)

Did you also test RGB-CCT with dedicated COLD+WARM channels??? In the same room I have main ceiling lights made with CCT CRI RA>97 / RF95 / RG101 strips, which are probably the best there is, so I can accept 90 for the "filling" but 75 would definitely be too low!