Native macOS app that auto-fills .htaccess credentials from 1Password across Chrome, Brave, and Safari. One Touch-ID, then silent fills — even after reboot.
macOS 14 (Sonoma) or newer · Apple Silicon · Free & open source (GPL-3.0)
Requires 1Password 8 with the “Connect with 1Password CLI” integration enabled.
HTTP Basic Auth dialogs — the popups you get on staging servers, internal tools, and .htaccess-protected URLs — aren't normal login forms. They're a browser-native prompt, and 1Password's extension can't fill them. So you copy-paste credentials by hand. Every visit. In every browser.
Password Filler closes that gap. A single native macOS app fetches credentials on demand, encrypts them in a per-Mac Keychain-locked cache, and serves every browser from one source. Approve once with Touch-ID — fills stay silent for days, even after reboot.
Before you start: open 1Password 8 → Settings → Developer and enable “Integrate with 1Password CLI”. Without this, the Mac app can't talk to your vault.
Drag Password Filler.app to /Applications and launch it. The Agent registers itself, writes Native-Messaging manifests for every installed browser, and a one-time onboarding wizard verifies your 1Password connection.
A slim proxy. It catches onAuthRequired events and forwards them to the Mac agent over a Unix socket. Holds no credentials, no cache.
Add the tag .htaccess (configurable) to the login items you want auto-filled, and make sure each one has a URL set — items without a URL are skipped. Visit a tagged URL: credentials fill automatically, no dialog.
Install the extension once per browser. The Mac app does the heavy lifting.
Install from the Chrome Web Store — works in both browsers. Auto-updates.
Install →
Firefox
Install from Mozilla Add-ons. Auto-updates via AMO.
Install →
Safari
Built into the Mac app. Two quick enables: System Settings → Passwords → AutoFill (the credential provider), then Safari → Settings → Extensions (the web extension). No separate download.
IncludedPassword Filler is open source under GPL-3.0. Nothing leaves your Mac.
Password Filler doesn't store, sync, or duplicate your vault. It fetches credentials on demand from your local 1Password app and forwards them to the browser. Your secrets stay where they belong: in 1Password.
Auto-fill across reboots needs a local cache — Password Filler encrypts it with AES-256-GCM, locked by a per-Mac key in the macOS Keychain. Cache TTL is configurable (1–30 days, default 7); credentials are never written to disk in plaintext.
When 1Password access is revoked — removed from team, signed out, vault unshared — Password Filler wipes its cache within 30 minutes. A background poller (op whoami, also on Mac wake) catches the change so cached credentials never outlive the access that fetched them.
GPL-3.0 source on GitHub, auditable line by line. Apple-notarized DMG passes Gatekeeper without overrides. Updates are ed25519-signed via Sparkle 2 and install silently — no admin prompt, no .pkg scripts. The Safari extension and credential provider run in Apple's App Sandbox.
macOS 14 Sonoma or newer · Apple Silicon · 1Password 8 + CLI integration