Skip to content

Documentation: Add instructions for using 1Password CLI (op run) with Claude Desktop and gitlab-mcp

Feature Request

Add documentation for using 1Password CLI (op run) to securely retrieve GitLab tokens when configuring Claude Desktop to use with gitlab-mcp.

Background

Users who store their GitLab tokens in 1Password may want to use the op run command-line tool to securely retrieve these credentials when setting up Claude Desktop with gitlab-mcp. This approach avoids hardcoding the token directly in the Claude Desktop configuration file.

User Feedback

In the feedback thread (gitlab-org/ux-research#3495), a user mentioned attempting to use op run with the Docker-based installation method. Their setup included:

{
  "mcpServers": {
    "GitLab": {
      "command": "op",
      "args": [
        "run",
        "--",
        "docker",
        "run",
        "--platform", "'linux/amd64'",
        "-e", "GITLAB_TOKEN",
        "registry.gitlab.com/fforster/gitlab-mcp:latest"
      ],
      "env": {
        "GITLAB_TOKEN": "op://Employee/GitLab Personal Token/password"
      }
    }
  }
}

Proposed Documentation

Add a new section to the README.md under "Usage with Claude Desktop" titled "Using with 1Password CLI":

### Using with 1Password CLI

If you store your GitLab token in 1Password, you can use the 1Password CLI (`op run`) to securely retrieve your token:

#### For local binary installation:

```json
{
  "mcpServers": {
    "GitLab": {
      "command": "op",
      "args": [
        "run",
        "--",
        "/path/to/gitlab-mcp"
      ],
      "env": {
        "GITLAB_TOKEN": "op://Your-Vault/GitLab Personal Token/password"
      }
    }
  }
}

For Docker installation:

{
  "mcpServers": {
    "GitLab": {
      "command": "op",
      "args": [
        "run",
        "--",
        "docker",
        "run",
        "-i",
        "--rm",
        "--pull=always",
        "-e", "GITLAB_TOKEN",
        "registry.gitlab.com/fforster/gitlab-mcp:latest"
      ],
      "env": {
        "GITLAB_TOKEN": "op://Your-Vault/GitLab Personal Token/password"
      }
    }
  }
}

Note: Replace "op://Your-Vault/GitLab Personal Token/password" with the actual reference to your GitLab token in 1Password.

Prerequisites:

  1. Install the 1Password CLI: https://1password.com/downloads/command-line/
  2. Sign in to your 1Password account: op signin 

## Benefits

1. Enhanced security by avoiding hardcoded credentials in configuration files
2. Better integration with popular password management tools
3. Consistency with security best practices

## Related Information

- 1Password CLI documentation: https://developer.1password.com/docs/cli
- Secret references format: https://developer.1password.com/docs/cli/secret-reference