Why this matters
Your Stacked vault has every credential your product needs. This guide connects that vault to Claude Code via the 1Password CLI -- so when Claude Code needs your Stripe key or Anthropic API key, it pulls it directly. No .env files. No copy-pasting. No accidental commits.
What you'll need
- Your Stacked credential vault delivered
- 1Password account (personal or team)
- Claude Code installed
- 5 minutes
Step 1: Add your credentials to 1Password
When Stacked delivers your vault, you'll receive a secure link with all credentials. Import them into a 1Password vault called "Stacked" -- one item per service (Stripe, Vercel, GitHub, etc.), using the field name api_key or token consistently.
Each item should be named after the service. So your Stripe item is called "Stripe" with a field called api_key containing your live secret key. Same pattern for every service in your stack.
Step 2: Install the 1Password CLI
The 1Password CLI lets you pull credentials from your vault via the command line. Install it with Homebrew:
brew install 1password-cliThen sign in to connect to your 1Password account:
op signinFollow the prompts to authenticate. You'll need your 1Password account credentials and may be asked to enable biometric unlock for future sessions.
Step 3: Test a credential fetch
Verify the connection works by pulling a credential from your Stacked vault:
op read "op://Stacked/Stripe/api_key"This should return your live Stripe secret key. If it does, you're connected. The format is always op://VaultName/ItemName/FieldName -- so for your Vercel token it would be op://Stacked/Vercel/token.
Step 4: Use it in Claude Code
Claude Code can reference op:// URIs directly. The best way to set this up is by adding credential references to your project's CLAUDE.md file. Claude Code reads this file automatically at the start of every session.
Add a credentials section to your CLAUDE.md:
## Credentials
All credentials are stored in 1Password under the "Stacked" vault.
To retrieve a credential, use the 1Password CLI:
- Stripe: op read "op://Stacked/Stripe/api_key"
- Vercel: op read "op://Stacked/Vercel/token"
- Anthropic: op read "op://Stacked/Anthropic/api_key"
- Twilio: op read "op://Stacked/Twilio/auth_token"
- GitHub: op read "op://Stacked/GitHub/pat"
- Supabase: op read "op://Stacked/Supabase/api_key"
- Resend: op read "op://Stacked/Resend/api_key"
When you need a credential, use the op:// path above
instead of hardcoding values.When Claude Code needs a credential during a session, it will reference these paths and use the 1Password CLI to fetch the value at runtime. No secrets ever touch your codebase.
Step 5: Never hardcode again
Any time Claude Code generates code that needs a credential, prompt it with: "Use op:// to reference credentials from my 1Password Stacked vault instead of hardcoding values." Claude Code will use the op read command to fetch the value and inject it where needed -- without writing secrets into your source files.
This means your .env files stay empty (or nonexistent), your git history stays clean, and your credentials rotate in one place -- your 1Password vault.
Add a CLAUDE.md file to the root of every project with your op:// references. Claude Code reads this automatically on every session -- your full stack is always one prompt away.