`1Password` adds OpenAI Codex integration for runtime-only secrets

Secrets stay out of prompts, repos, terminals, and model context. Runtime approval is the right security shape for agentic coding.

• —1Password injects credentials only at runtime after user approval, cutting exposure before code or prompts ever reach the model.
• —The integration targets prompts, repositories, terminals, and context windows — four common leak paths in agent workflows.
• —This turns secrets management from a policy reminder into a product control. Useful once agents start running deploys, DB scripts, and API calls.