How DMNO is building on 1Password to streamline and secure configuration management
Community ManagerDMNO is a configuration toolkit for development and deployment workflows. The DMNO team leveraged 1Password CLI and SDKs to build a plugin that allows developers to securely access sensitive data stored in 1Password vaults, adding type-safety and validation — without writing any custom code.
Phil Miller and Theo Ephraim are the founders of DMNO (“Domino”), a Canadian company that builds free, open-source tools designed to make configuration management more straightforward and secure. DMNO integrates with 1Password CLI and SDKs, eliminating the need for any custom glue code and adding features that can help increase app security and minimize key rotation.
Building on 1Password Developer, DMNO provides an extra level of protection that’s especially useful in growth phases or for teams using monorepos. The plugin allows developers to create and define their own schemas for environment variables, including those stored in 1Password, and adds validation, type-safety, built-in documentation, and real-time leak detection for further security.
Did you know?
Any 1Password customer can store secret references in 1Password vaults and securely load those as needed, which ensures your secrets are kept secure and never written in plaintext. When sharing items, you can control who gets access to what and ensure everyone has continued access when something does change.
Ultimately, the founders’ aim when building DMNO was to provide a tool that improves the developer experience of configuration management, saving larger teams from having to build out their own custom tooling, and helping teams of all sizes maximize the security benefits of their toolset with minimal disruption to their existing workflow. DMNO’s schema feature uses a configuration-as-code approach, helping you keep this process organized in whichever way makes most sense to your team.
Background and inception
As seasoned full-stack engineers with decades of experience in dev ops and dev tools, the DMNO founders had seen firsthand the many difficulties teams faced managing configuration issues. Time and time again, they’d observed developers safely storing configuration secrets — often in 1Password vaults — only for them to later share these secrets using an insecure method.
The pair built DMNO to help solve configuration challenges like these. Taking a holistic view of configuration and deployment, Miller and Ephraim set out to create a next-generation tool to help smooth the process, from development all the way to production.
Building upon 1Password CLI and SDKs
DMNO’s plug-in builds upon the app security already offered by 1Password CLI and SDKs, which allow developers to safely inject secrets stored in 1Password vaults into their code and to safely share secret references between team members. Thanks to DMNO, developers can add even more guard-rails and leverage these features without writing a single line of custom code.
While DMNO is particularly useful for developers working in the JavaScript ecosystem, it’s flexible enough to work seamlessly across multiple platforms. These integrations — including their most popular integration, 1Password☝️— can increase app security and improve the developer experience. Perhaps best of all, DMNO’s flexibility allows developers to secure their configuration without changing the tools they’re already using.
As an open-source tool, DMNO builds on the contributions of many open-source projects — most notably TypeScript, Vite, GraphLib, Node.js, and Astro’s Starlight framework, which they used to build their fabulous docs site.
Using DMNO + 1Password together 🥰
Using DMNO and 1Password together means you can securely load environment variables into applications with ease — all while keeping your secrets safe in 1Password. DMNO’s schema keeps them validated and type-safe, attaches documentation, and provides guardrails.
If you don’t already have environment variables stored in individual 1Password items, fear not. DMNO offers an easy way to copy and paste your entire “.env” file into a single 1Password item. You can then move each variable into its own 1Password entry as needed.
Items can be composed and shared in whichever way works best for your organization. For example, only non-production secrets can be made available to dev teams, and production secrets can be only accessed via privileged accounts in CI/CD systems. DMNO’s schema allows you to set granular permissions by environment, provider, or individual item.
Under the hood, you’re getting all the secret protection 1Password has to offer. 1Password SDKs only decrypt data when and where it’s needed, keeping every value secret until that moment. For local development, DMNO provides the option to utilize 1Password’s biometrics feature, which means you can authorize the 1Password CLI with your fingerprint in local development and your secrets are never written in plaintext or saved to disk.
Get started with DMNO and 1Password
Building on 1Password CLI and SDKs, the DMNO team have built a tool that gives developers the benefits of 1Password’s secret management without needing to write custom code:
- Share and load environment variables during development without worrying about leaking secrets.
- Create a shared vault so that your team has uninterrupted access to new credentials after you rotate them.
- Revoke access when someone moves on to another project.
If you want to learn more about DMNO and 1Password Developer:
- Explore DMNO’s integration page on 1Password Marketplace.
- Check out DMNO’s latest demo or get stuck in with their quickstart guide.
- Learn more about 1Password Developer or read our blog post on managing environment variables with 1Password.
- Hop over to our tutorial to start building on our SDKs.
Community Manager
1Password Team