Free Alternatives to 1Password CLI for macOS Developers

Three years of paying for 1Password. No complaints — it's a solid product. Then one morning we ran op read to grab a Stripe key and stopped. $36/year for a get and set command. Our Mac already had hardware-encrypted storage with biometric auth baked in. The Keychain was right there. We just needed a better way to talk to it.

So we spent a week testing every free CLI alternative we could find. Here's what held up.

Why developers look for 1Password CLI alternatives

1Password CLI (op) is genuinely good. op run is elegant, vault integration is tight, team sharing works. We're not here to trash it. But three things kept bugging us:

• The cost doesn't match the use. $36/year for an individual plan. If you're an indie dev managing a handful of API keys, that's a subscription for what your Mac already does for free — hardware-encrypted secret storage.
• Cloud sync you don't need. 1Password routes everything through their servers. Great for teams. For a solo dev on one machine? That's an extra attack surface for sync you'll never use.
• Way too much tool for the job. Password vaults, watchtower alerts, travel mode, family sharing. If all you need is "store this API key, give it back when I ask, authenticate with my fingerprint" — you're paying for a Swiss Army knife when you need a screwdriver.

None of these are dealbreakers for everyone. If your team shares creds through 1Password, keep it. But if you're solo on macOS and just want encrypted storage without a subscription, you've got real options.

5 free alternatives to 1Password CLI

1. NoxKey — macOS Keychain with a built-in MCP server

Full disclosure: we built NoxKey. We'll be upfront about what it does and doesn't do.

NoxKey is a macOS menu bar app that stores secrets in the Keychain, protected by Touch ID. Inside the app bundle ships an MCP server that Claude Code, Cursor, and other MCP-aware agents talk to directly — no shell wrapper required. No cloud, no account, no subscription. Built for the exact workflow 1Password CLI handles — storing and retrieving developer secrets — without the overhead of a full password manager.

// Install — Mac App Store: https://apps.apple.com/app/noxkey/id6760210699
// First launch registers the MCP server with Claude Code, Cursor, etc.

// Import your existing .env — drag the file onto the menu bar app,
// or run a two-step MCP scan + admin import for an agent-driven migration:
noxkey_scan(path: "~/code/api", suggested_org: "myorg", suggested_project: "project")
noxkey_admin(action: "import", entries: […])

// Retrieve a secret — value lands in shell env, never in chat
noxkey_get(account: "myorg/project/STRIPE_KEY")
// → "Run this in Bash: source '/tmp/noxkey-handoff-…sh'"

// Long task that needs multiple secrets — one Touch ID, four-hour session
noxkey_get(account: "myorg/project/STRIPE_KEY", session: "4h")
noxkey_get(account: "myorg/project/DATABASE_URL")  // skips biometric — same workspace
noxkey_get(account: "myorg/project/REDIS_URL")     // ditto

Here's what none of the other tools on this list do: NoxKey is MCP-native. When Claude Code, Cursor, or Copilot calls noxkey_get, the response is shaped to keep the secret out of the conversation transcript — the agent gets a one-shot handoff path, not the value. For non-MCP shell callers (a build script, a Makefile), the menu bar app falls back to walking the process tree and applies the same handoff response if it spots an agent runtime.

And the thing the others on this list can't do at all: send a secret to one specific person without a server. Right-click any secret, pick "Share," and NoxKey gives you a single end-to-end-encrypted .noxkey file. Hand it off through iMessage, AirDrop, or Signal, and the recipient double-clicks it into their NoxKey, with their Touch ID, into their Keychain. No shared vault, no signup wall on the recipient side beyond installing the free app, and no NoxKey backend in the loop. For higher-risk handoffs, the Medium tier wraps the content key under a passphrase you tell the recipient out-of-band.

Pros: Free, open source. Hardware encryption via Secure Enclave. Touch ID. MCP-native agent integration with encrypted handoff. End-to-end-encrypted share files for handing a secret to a specific teammate. org/project/KEY namespacing. Session unlock for batch reads. Drag-and-drop .env import.

Cons: macOS only — depends on Keychain and Secure Enclave. No shared team vault — sharing is a one-shot encrypted file, not continuous sync. No cross-device sync.

Best for: Solo macOS developers who want 1Password CLI's core workflow without the subscription or cloud — especially if you use AI coding agents, or if you occasionally need to hand a credential to a teammate without going through a paid team plan.

2. macOS Keychain (native security CLI)

Before we built NoxKey, we spent a week trying to use the Keychain directly. The security is identical — same Secure Enclave, same AES-256 encryption, same Touch ID. The developer experience is where it falls apart.

# Store a secret (note the flags)
$ security add-generic-password -a "$USER" -s "myproject-stripe-key" \
    -w "sk_live_..." -T ""

# Retrieve it
$ security find-generic-password -a "$USER" -s "myproject-stripe-key" -w

Compare that to op read "op://Dev/Stripe/key" or a single noxkey_get(account: "myorg/project/STRIPE_KEY") MCP call from your agent. The security command works, but it wasn't designed for juggling dozens of dev secrets. No namespacing. No bulk import. Access control groups are a nightmare. We documented the whole experience — it's doable, but you'll fight the tooling.

Pros: Free, already installed. Same hardware encryption as NoxKey. No third-party deps. Touch ID support (with correct configuration).

Cons: Terrible DX for developer workflows. No namespacing or organization. No bulk import/export. No AI agent awareness. You'll end up writing wrapper scripts — at which point you're building your own NoxKey.

Best for: Developers who want zero dependencies and don't mind shell wrappers. Fine for a handful of secrets. Painful at scale.

3. Bitwarden CLI (bw)

Bitwarden is the open-source alternative to 1Password as a password manager, and their CLI extends that to the terminal. If you're already using Bitwarden for passwords, the CLI gives you programmatic access to your vault.

# Login and unlock
$ bw login
$ export BW_SESSION=$(bw unlock --raw)

# Get a secret
$ bw get password "Stripe API Key"

# Create a secure note with your API key
$ bw get template item | jq '.name="STRIPE_KEY" | .notes="sk_live_..."' \
    | bw encode | bw create item

The free tier is genuinely free — unlimited passwords and secrets, cross-device sync, no credit card. That's a real edge over 1Password. The catch: Bitwarden CLI was built for password management, not developer secrets. There's no bw run equivalent to op run. Injecting secrets into your environment takes scripting. And the session token (BW_SESSION) sits in your shell as an environment variable — exactly the kind of thing we're trying to avoid.

Pros: Free tier with no limits. Open source. Cross-platform. Device sync. Self-hosting option (Vaultwarden). Active community.

Cons: CLI built for password management, not dev workflows. BW_SESSION token exposed in environment. No run command for secret injection. Cloud-dependent. No AI agent detection. Each command round-trips to the vault.

Best for: Developers already on Bitwarden who want terminal access to their vault. Less ideal as a purpose-built secrets tool.

4. pass (the standard Unix password manager)

pass is the minimalist's answer to secret management. Each secret is a GPG-encrypted file in ~/.password-store/. That's it. The filesystem is the database, GPG handles encryption, git handles version history.

# Initialize with your GPG key
$ pass init "[email protected]"

# Store a secret
$ pass insert dev/stripe-key

# Retrieve it
$ pass dev/stripe-key

# List all secrets
$ pass ls

We respect the philosophy. It's genuinely Unix — small tool, one job, composes with others. The encryption is solid. Git integration gives you history and sync. It's been around since 2012, battle-tested by the Linux community.

The downside: GPG key management is its own circle of hell. Never set up a GPG keyring? Block out an afternoon before you store your first secret. On macOS you'll need gnupg and pinentry-mac from Homebrew, and getting the pinentry agent to work reliably takes patience. No Touch ID — authentication is your GPG passphrase.

Pros: Free, open source. Strong GPG encryption. Git-based version history. Filesystem-based — easy to understand and back up. Huge ecosystem of extensions. Works on macOS, Linux, BSD.

Cons: GPG setup is painful. No Touch ID on macOS. No namespacing beyond directories. No AI agent detection. Ecosystem feels dated compared to modern dev tools.

Best for: Developers comfortable with GPG who want a proven, Unix-philosophy secrets manager. Strong pick on Linux where Keychain isn't an option.

5. age + SOPS — file-level encryption

age is a modern encryption tool — think GPG but simpler. SOPS (Secrets OPerationS) uses it to encrypt specific values inside config files (YAML, JSON, ENV, INI). Keys stay readable, values get encrypted. You can commit secrets files to git and decrypt at runtime.

# Generate an age key
$ age-keygen -o ~/.config/sops/age/keys.txt

# Create a SOPS-encrypted secrets file
$ sops secrets.yaml
# Editor opens — add your secrets, SOPS encrypts values on save

# Decrypt and use
$ sops -d secrets.yaml
# Or inject into environment
$ eval $(sops -d --output-type dotenv secrets.yaml)

This is a different animal. Not a vault, not a CLI secret store — it's encrypted config files. Your secrets travel with your repo (encrypted), and you can use the same tool for local dev, CI/CD, and production. The tradeoff: it's file-based, so you're back to managing files. The workflow is closer to "encrypted .env files" than "secrets manager."

Pros: Free, open source. Modern encryption (age is far simpler than GPG). Secrets can live in git. Works with YAML, JSON, ENV formats. Good for CI/CD. Straightforward key management.

Cons: File-based workflow, not a secrets manager. No per-access auth — if you have the key, you have everything. No Touch ID. No AI agent detection. More setup than a simple CLI tool.

Best for: Teams that need encrypted secrets in git repos. Strong for CI/CD and infrastructure-as-code. Less ideal as a daily-driver local secrets tool.

Comparison table

Which one should you pick?

Here's how we'd decide:

You're a solo macOS dev using AI coding agents: NoxKey. The MCP server ships inside the app, so Claude Code, Cursor, and Copilot get an encrypted handoff path instead of a plaintext value. Get it on the Mac App Store, drag your .env onto the menu bar app, delete the file.

Solo macOS dev, no AI agents: NoxKey or native Keychain. NoxKey gives you better DX and namespacing. Keychain gives you zero dependencies. Either way, hardware encryption and Touch ID.

You need to hand a credential to one specific person, occasionally: NoxKey's share files. Right-click the secret, pick "Share," send the resulting .noxkey file via iMessage, AirDrop, or Signal. End-to-end encrypted, single-open per device, optional passphrase wrap. No team plan, no shared vault, no server in the loop.

Need cross-platform or continuous team sharing: Bitwarden CLI if you want free. 1Password CLI if you'll pay for polish. Both give you sync that local-only tools can't.

You live in the terminal and love Unix philosophy: pass. Rock-solid for over a decade. GPG setup is the price of entry, but the workflow is clean once you're through.

Secrets need to live in git (CI/CD, infrastructure-as-code): age + SOPS. Different problem, different tool. Encrypts values in config files so they can be committed safely.

Frequently asked questions

Is 1Password CLI free?

No. The CLI itself is a free download, but it requires a 1Password subscription ($36+/year). For free alternatives with comparable security, see NoxKey (macOS Keychain + Touch ID), Bitwarden CLI, or pass.

Can I use macOS Keychain instead of 1Password CLI?

Yes. The Keychain provides the same hardware encryption (AES-256 via Secure Enclave) and supports Touch ID. The security CLI gives you terminal access, though the DX is rough — no namespacing, no bulk import, awkward flags. We wrote a full tutorial if you want to try it. NoxKey wraps the same Keychain with a developer-friendly interface.

Do any free secret managers protect against AI agent leaks?

NoxKey ships an MCP server inside the app, so agents like Claude Code, Cursor, and Copilot ask NoxKey for a secret over MCP and get an encrypted handoff path instead of the plaintext value. For non-MCP shell callers (a build script, a Makefile), NoxKey falls back to process-tree inspection and applies the same handoff response if it spots an agent runtime. Other tools — including 1Password CLI — expose raw values to any process that calls them, agents included.

Is Bitwarden CLI a good alternative to 1Password CLI?

For password management, yes — Bitwarden's free tier is generous and the CLI works well. For developer secrets specifically, it's less polished. No op run equivalent, the session token sits in your environment, and each command round-trips to the vault. It works, but it wasn't built for this.

What's the most secure free option for storing API keys on macOS?

NoxKey and native macOS Keychain both use Apple's Secure Enclave for hardware encryption and support Touch ID. They're equivalent in encryption strength. NoxKey adds MCP-native agent integration with encrypted handoff, namespacing, session unlock, and end-to-end-encrypted share files on top. For raw security without frills, the native Keychain is already on your Mac.

Related reading: Introducing NoxKey, Best dotenv alternatives in 2026, macOS Keychain tutorial for developers.