What tech stack does 1Password use?

Rust is the defining technology of 1Password's engineering identity. The company wrote its shared backend library in Rust — a headless core that encapsulates all cryptography, database access, server communication, and business logic. This library is compiled to native code for Android, iOS, macOS, Windows, and Linux, ensuring consistent security behavior across platforms without duplicating cryptographic implementations. 1Password is a founding-tier member of the Rust Foundation and regularly contributes to the broader Rust ecosystem, including the open-source Typeshare library for generating type schemas across languages.

The infrastructure layer runs on AWS, with Kubernetes for container orchestration, Terraform for infrastructure-as-code, and NGINX for web serving. Go handles much of the server-side infrastructure work alongside Rust — backend engineering job postings consistently require both languages, and the Go layer tends to cover API gateway logic, service mesh communication, and operational tooling that benefits from Go's concurrency model. GitLab is the primary code collaboration platform. Observability is handled by Datadog and Amazon CloudWatch, with Elasticsearch supporting log search and security event indexing.

The Rust-first approach is not merely a trend preference — it is a security decision. Memory safety vulnerabilities (buffer overflows, use-after-free bugs) account for a large proportion of CVEs in systems software. By using Rust for all cryptographic and data-access code, 1Password has structurally reduced its exposure to an entire class of security vulnerabilities, which is particularly important given that the company holds credentials for millions of users and businesses.

The frontend and desktop app are built on React and TypeScript, with Electron providing the cross-platform desktop shell for macOS and Windows. WebAssembly enables the Rust cryptographic core to run in browser environments for the 1Password web app and browser extension — a technically sophisticated approach that avoids reimplementing cryptographic primitives in JavaScript. The company has publicly described a move toward a unified web stack as a deliberate engineering efficiency decision, consolidating the macOS and Windows desktop apps under the same React codebase.

On the data side, 1Password runs a sophisticated analytics infrastructure appropriate for a company with hundreds of thousands of business customers and billions of credentials under management. Amazon Redshift serves as the data warehouse; Apache Spark and AWS Glue handle batch processing and ETL; dbt manages transformations; Airflow orchestrates pipelines; and Amazon Athena enables ad hoc querying against S3. This supports product analytics, security telemetry, business reporting, and the machine learning features embedded in Watchtower (breach monitoring) and shadow IT discovery.

For GTM, Salesforce is the CRM of record and Marketo handles marketing automation — both visible in public job postings and technology aggregators. An interesting irony: 1Password uses Okta internally for SSO, even as 1Password's Extended Access Management platform increasingly competes with Okta at the access governance layer. Figma is the design tool of record, consistent with its dominance among product-led SaaS companies of this scale.

1Password's Rust-centric engineering culture signals a team that values correctness, memory safety, and performance over rapid iteration velocity. Vendors pitching security tooling, cryptographic infrastructure, supply chain security (SCA/SBOM), or Rust-native developer tools will find a technically sophisticated audience that scrutinizes implementation quality and security architecture, not just feature checklists. The engineering team's Rust Foundation involvement means they are well-networked in the Rust ecosystem and will quickly identify whether a vendor's claimed Rust support is genuine or superficial.

The deep AWS dependency — essentially the entire infrastructure, data, and compute layer — creates natural integration points for AWS-native security, compliance, cost optimization, and observability tools. Vendors with first-class AWS marketplace listings and native CloudTrail/CloudWatch integrations have a structural advantage. The mature data stack (Redshift + dbt + Spark + Airflow) is a target for data observability platforms, ML infrastructure vendors, and BI tools that support Redshift as a primary connector.

For GTM and CRM vendors, Salesforce and Marketo are deeply entrenched — displacement is unlikely. Complementary tools (revenue intelligence, sales engagement, intent data) with native Salesforce integrations have a realistic path. CRM-adjacent vendors should note that 1Password's procurement team will itself evaluate vendors using the same security rigor it applies to its product — a 'vendor security questionnaire' should be expected, and SOC 2 Type II plus ISO 27001 certification is a near-requirement for any meaningful contract.