1Password · Arazzo Workflow

1Password Rotate an Item Password

Version 1.0.0

Read an item, then apply a JSON Patch to replace its password field value.

1 workflow 1 source API 1 provider
View Spec View on GitHub Password ManagerPasswordsSecuritySecretsArazzoWorkflows

Provider

1password

Workflows

rotate-item-password
Replace an item's password field value with a JSON Patch operation.
Reads the target item to confirm it exists and capture its current version, then applies a JSON Patch replace operation that updates the password field value in place.
2 steps inputs: fieldPath, itemUuid, newValue, vaultUuid outputs: itemId, version
1
readItem
getItemById
Read the target item to confirm it exists and capture its current version before applying the patch.
2
patchPassword
patchItem
Apply a JSON Patch replace operation that updates the targeted field value in place, leaving the rest of the item intact.

Source API Descriptions

openapi
connectApi https://raw.githubusercontent.com/api-evangelist/1password/refs/heads/main/openapi/1password-connect-openapi.yml

Arazzo Workflow Specification

1password-rotate-item-password-workflow.yml Raw ↑ 
arazzo: 1.0.1
info:
  title: 1Password Rotate an Item Password
  summary: Read an item, then apply a JSON Patch to replace its password field value.
  description: >-
    A secret rotation pattern for 1Password Connect. The workflow reads the
    target item to capture its current version, then applies an RFC 6902 JSON
    Patch that replaces the password field value in place without rewriting the
    rest of the item. Each step spells out its request inline so the flow can be
    read and executed without opening the underlying OpenAPI description.
  version: 1.0.0
sourceDescriptions:
- name: connectApi
  url: ../openapi/1password-connect-openapi.yml
  type: openapi
workflows:
- workflowId: rotate-item-password
  summary: Replace an item's password field value with a JSON Patch operation.
  description: >-
    Reads the target item to confirm it exists and capture its current version,
    then applies a JSON Patch replace operation that updates the password field
    value in place.
  inputs:
    type: object
    required:
    - vaultUuid
    - itemUuid
    - fieldPath
    - newValue
    properties:
      vaultUuid:
        type: string
        description: The UUID of the vault containing the item.
      itemUuid:
        type: string
        description: The UUID of the item whose password is being rotated.
      fieldPath:
        type: string
        description: A JSON Pointer to the field value to replace (e.g. /fields/1/value).
      newValue:
        type: string
        description: The new value to write into the targeted field.
  steps:
  - stepId: readItem
    description: >-
      Read the target item to confirm it exists and capture its current version
      before applying the patch.
    operationId: getItemById
    parameters:
    - name: vaultUuid
      in: path
      value: $inputs.vaultUuid
    - name: itemUuid
      in: path
      value: $inputs.itemUuid
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      version: $response.body#/version
  - stepId: patchPassword
    description: >-
      Apply a JSON Patch replace operation that updates the targeted field value
      in place, leaving the rest of the item intact.
    operationId: patchItem
    parameters:
    - name: vaultUuid
      in: path
      value: $inputs.vaultUuid
    - name: itemUuid
      in: path
      value: $inputs.itemUuid
    requestBody:
      contentType: application/json
      payload:
      - op: replace
        path: $inputs.fieldPath
        value: $inputs.newValue
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      itemId: $response.body#/id
      version: $response.body#/version
  outputs:
    itemId: $steps.patchPassword.outputs.itemId
    version: $steps.patchPassword.outputs.version