Skip to main content
TinyFish can log into websites on your behalf using credentials from your existing password manager. Connect your vault once, then select which credentials to use for each run.
Vault credentials are currently supported in the Playground and REST API. Python SDK, TypeScript SDK, and CLI support is coming soon.

How It Works

Connect your password manager account, TinyFish syncs your vault items, and then you select specific credentials for each run. Each run only gets the credentials you explicitly choose, so no run has access to your full vault. Vault settings page with Connect a password manager button

Connect Your Provider

More providers coming soon.
1

Go to Settings and open Vault

In TinyFish, go to Settings and then open Vault.
2

Choose 1Password

Click Connect a password manager, select 1Password, then click Continue.Provider selection dialog showing 1Password and Bitwarden options
3

Enter your service account token

Paste your Service Account Token. 1Password service account tokens start with ops_.1Password credentials form with Service Account Token field
Need a token? Create a service account with read access to your vault. See the 1Password service account docs.
4

Connect and sync

Click Connect. Your items sync automatically after the connection succeeds.
5

Verify your credentials

Confirm your credentials appear grouped by vault name. Each item shows its label, domain, and a TOTP badge if applicable.Vault settings with connected 1Password showing credentials grouped by vault

Managing Your Vault

Sync

Click Sync to fetch the latest items from your connected provider. New items are auto-enabled, while disabled items stay disabled.

Enable or Disable Credentials

Use the toggle next to any credential to enable or disable it for future runs.

Disconnect

Click Disconnect and confirm to remove the provider. All cached credentials are removed immediately, but runs already in progress are not affected. You can reconnect at any time.

Troubleshooting

For 1Password, verify the token starts with ops_ and has read access to the vault you want to sync.For Bitwarden, verify that the Client ID and Client Secret match the same API key.
Vault items must have website URLs in your password manager to sync into TinyFish.Credentials without URLs are not synced.
Ensure the server URL includes https:// and that the server is accessible from TinyFish.
Provider tokens can expire. Disconnect the provider, then reconnect using a fresh token or updated credentials.
The first Bitwarden sync can take up to 15 seconds while the connection initializes. Subsequent syncs are faster.
You can connect a maximum of 2 providers at the same time.

Vault Credentials

Learn how credentials are selected and used in runs

Authentication

Understand TinyFish authentication methods