DevSecOps teams can now manage coding agents as a tenant rather than another vault where secrets might be stored, ensuring credentials are never exposed to an AI agent or LLM as plain text. The MCP server does not read or return secret values through the MCP channel, allowing Codex to create environments and invoke applications while the values themselves never leave the 1Password vault.
