Secrets

gogo integrates with 1Password CLI to inject secrets as environment variables. When a task’s environment contains op:// references, gogo automatically wraps the command with op run to resolve them.

Usage

tasks:
  deploy:
    env:
      DB_PASSWORD: op://vault/item/field
      API_KEY: op://vault/api-credentials/key
    cmd: deploy --password $DB_PASSWORD --api-key $API_KEY

The op:// references use the standard 1Password secret reference format.

How It Works

Define op:// references in a task’s env map
When the task runs, gogo detects the op:// values
The command is wrapped with op run, which resolves all references and injects the actual secret values
op handles authentication automatically, including triggering Touch ID when 1Password is locked

Requirements

The op CLI must be installed and available on the PATH. Install it from https://developer.1password.com/docs/cli/get-started/

← Previous Dotenv Next → Preconditions