1Password shifts to runtime secrets

This launch shows 1Password was trying to move from being a place where employees store secrets to a system that software can pull from automatically during deployment and runtime. That matters because runtime secret delivery sits much closer to production infrastructure, which makes 1Password harder to replace and expands it from seat based password management into higher value engineering and security workflows.

• Vault was built around machine use cases. It stores secrets, enforces access policies, and can generate short lived credentials for databases, cloud services, and SSH. 1Password Secrets Automation started with a narrower wedge, letting teams expose values already stored in 1Password to apps, CI pipelines, and Kubernetes workloads through service accounts or self hosted Connect servers.
  2 1password 3 1password 4 hashicorp 5 hashicorp
• The product changes the daily workflow for engineers. Instead of copying an API key out of a human vault and pasting it into a config file or Kubernetes Secret, teams can reference a 1Password item and inject it into infrastructure at deploy time or runtime. 1Password also built Kubernetes operator and injector tooling so updates in 1Password can flow into running systems.
  2 1password 3 1password 6 1password 7 1password
• Strategically, this was part of a broader enterprise expansion. 1Password grew from about $150M ARR in 2021 to an estimated $265M in 2023, with B2B becoming 60% of revenue, as it pushed beyond consumer password storage into access management, device security, and devsecops workflows where incumbents include Okta, Rippling, and HashiCorp.
  1 sacra 4 hashicorp 8 sacra

The next step is deeper ownership of machine identity and developer workflows. If 1Password keeps turning its human vault into the control plane for apps, containers, and agents, it can capture more security budget per employee and become part of the production stack, not just the browser toolbar.