1Password, Keycard present tools for secure AI agent credential delegation

AI coding agents now write, execute, and deploy code autonomously — and to do that, they need access to real systems. Most teams are still securing access with static credentials built for human operators, not for autonomous agents, and this mismatch is becoming a serious problem. 1Password and Keycard are bringing new credential delegation solutions to this challenge.
1Password expands OpenAI tie-up for agentic coding credentials
1Password has announced an expanded collaboration with OpenAI to secure how its Codex coding AI agent handles credentials. Developers can grant Codex access to credentials directly inside their coding workflows while keeping secrets out of prompts, code and model context, the company says.
To achieve this, 1Password has introduced a new MCP (Model Context Protocol) Server. Secrets are injected at runtime into an authorized process following user authentication or approval, are not written to disk, and remain available only for the duration of that execution or session. Developers can reference vaulted credentials inside Codex without the values appearing in code, terminals, or model context.
“As coding agents take on more of the software development lifecycle, the question isn’t whether to give them access, but how,” says Nancy Wang, CTO of 1Password. “A credential that persists is already compromised. That’s why just-in-time credentials are the only viable security model for AI-native development.”
OpenAI framed the integration as a practical solution for teams shipping with agents. The added security “simplifies agentic development, empowering teams to ship faster while keeping sensitive credentials protected,” according to Nick Steele, Agent Security at OpenAI.
1Password demonstrated how the process works in a video that uses an example of building a bookstore with Stripe checkout using OpenAI Codex.
During the coding process, Codex builds a Next.js app and integrates with 1Password’s MCP server for secure credential handling. The Stripe secret key, a sensitive credential used to authenticate backend API requests, is obfuscated using placeholders in the code, and 1Password manages the environment file locally, keeping credentials encrypted and preventing plain-text storage. The real Stripe secret key is added to 1Password outside the Codex context, preventing the model from accessing sensitive information.
The Codex integration is part of 1Password’s broader push to extend its access governance model to non-human identities. The company’s Unified Access platform aims to serve as a single policy layer governing access for humans, AI agents, and machine identities under a common identity-first framework.
Keycard launches feature for multi-agent applications
Another solution comes from Keycard, an identity and access management provider focused on AI agents. The Canadian firm has launched Keycard for Multi-Agent Apps, extending its platform to handle delegated, session-based access across systems of autonomous agents.
Keycard says that the product addresses a structural problem in how multi-agent applications are typically secured: most teams currently connect agents using shared API keys, inherited credentials, or persistent access grants — none of which limit privileges to what a given task actually requires. As agents gain autonomy, that exposure widens. An agent operating without oversight can delete a database or exfiltrate data with no human in the loop.
Keycard’s approach assigns each agent its own verifiable identity at runtime through attestation, with no long-lived API keys or credentials written to disk. When a task is initiated, Keycard creates a session that binds every subsequent action to the originating user and request. Access is scoped at each delegation hop using OAuth 2.0 Token Exchange (RFC 8693), so no agent holds more privilege than the task requires. Every token in the chain is traceable, revocable, and expires at the end of the session.
“Enterprises are rebuilding business functions around AI agents. Right now, the developers building these systems have to choose: give agents broad access and they’re ungovernable or lock them down and lose what makes them valuable,” says Ian Livingstone, co-founder and CEO of Keycard. “Agents built using Keycard don’t experience this trade-off, as they have their own identity, delegate access per-task and operate with no standing privileges or static credentials.”
The platform supports three delegation patterns: agents acting on their own behalf across multi-hop workflows, agents acting on behalf of humans or other agents with a preserved chain of authority, and agents impersonating other agents or humans under defined policy constraints. All three use the same SDK, policy engine, and control plane.
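The per-hop scoping and preserved chain of authority described above, as an added Python example that is not Keycard's code or API: a toy in-memory token endpoint accepts RFC 8693 token-exchange requests, lets each hop only narrow scope, and records the delegation chain in nested `act` claims. The class, the `hop` helper, the agent tokens and the scope names are constructed for illustration.

```python
import time
GRANT = "urn:ietf:params:oauth:grant-type:token-exchange"   # RFC 8693 grant type
ACCESS = "urn:ietf:params:oauth:token-type:access_token"    # RFC 8693 token type id

class ToyTokenEndpoint:
    """In-memory stand-in for an authorization server; hypothetical, not a vendor API."""
    def __init__(self, agents):
        self.agents = agents                    # constructed actor_token -> agent id
        self.tokens, self.revoked = {}, set()   # handle -> claims, revoked session ids

    def _mint(self, claims):
        handle = f"tok-{len(self.tokens) + 1}"
        self.tokens[handle] = claims
        return handle
    def start_session(self, user, scope, ttl=300):
        return self._mint({"sub": user, "sid": f"sess-{len(self.tokens) + 1}",
                           "scope": set(scope.split()), "exp": time.time() + ttl})

    def introspect(self, handle, now=None):
        c = self.tokens.get(handle)
        now = time.time() if now is None else now
        return c if c and c["sid"] not in self.revoked and now < c["exp"] else None

    def exchange(self, req):
        parent = self.introspect(req.get("subject_token"))
        actor = self.agents.get(req.get("actor_token"))
        if req.get("grant_type") != GRANT or parent is None or actor is None:
            return {"error": "invalid_request"}
        want = set(req.get("scope", "").split())
        if not want or not want <= parent["scope"]:     # a hop may only narrow scope
            return {"error": "invalid_scope"}
        act = {"sub": actor, **({"act": parent["act"]} if "act" in parent else {})}
        child = dict(parent, scope=want, aud=req.get("audience"), act=act)
        return {"access_token": self._mint(child), "issued_token_type": ACCESS,
                "token_type": "Bearer", "scope": " ".join(sorted(want))}

def hop(ep, subject, actor, scope, audience):
    return ep.exchange({"grant_type": GRANT, "subject_token": subject,
                        "subject_token_type": ACCESS, "actor_token": actor,
                        "actor_token_type": ACCESS, "scope": scope, "audience": audience})

def demo():
    ep = ToyTokenEndpoint({"at-planner": "agent:planner", "at-coder": "agent:coder"})
    root = ep.start_session("user:alice", "repo:read repo:write deploy:staging")
    t1 = hop(ep, root, "at-planner", "repo:read repo:write", "git")["access_token"]
    t2 = hop(ep, t1, "at-coder", "repo:read", "git")["access_token"]
    chain, denied = ep.introspect(t2)["act"], hop(ep, t2, "at-coder", "deploy:staging", "ci")
    ep.revoked.add(ep.tokens[root]["sid"])      # revoking the session kills every hop
    return chain, denied, ep.introspect(t2)
```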