actx auth
actx auth
Section titled “actx auth”Securely onboard a 1Password Service Account token. The token is encrypted with AES-256-GCM (key derived from your project’s Ed25519 private key via HKDF) and stored in .context/.keys/sa-token.enc.
actx auth [options]Options
Section titled “Options”| Option | Description |
|---|---|
--reset | Delete the existing encrypted token and re-prompt for a new one |
Description
Section titled “Description”On first run, the command prompts for your 1Password Service Account token using masked input (no terminal echo). It validates the token format (ops_... or JWT), encrypts it, and verifies vault connectivity.
On subsequent runs, it confirms the token is already configured and verifies the SDK connection.
Security Model
Section titled “Security Model”- Token is never stored in plaintext — encrypted at rest with AES-256-GCM
- Encryption key is derived from the project’s Ed25519 private key via HKDF
- The
.context/.keys/directory is gitignored by default - At gateway startup,
loadServiceAccountToken()auto-decrypts — no env var needed
Example
Section titled “Example”$ actx auth🔐 AgentCTX — 1Password Service Account Setup
This will securely store your 1Password Service Account token. Paste your Service Account token: ••••••••••••••••
✅ Token encrypted and stored in .context/.keys/sa-token.enc ✅ Vault connection verified!See Also
Section titled “See Also”- actx setup — full onboarding wizard
- actx login — OIDC account authentication