Summary

The 1Password Terraform provider does not expose custom root-level fields (fields not in sections) for
items, even though these fields are accessible via the 1Password CLI and web
interface.

Use cases

When using items to store API tokens and related configuration, users need to access custom fields that are logically part of the credential but don't fit the standard schema.

Currently, terraform can access credential and username but silently ignores the custom fields.

Proposed solution

Extend the provider to expose root-level custom fields, similar to how sectioned custom fields are
already exposed.

Is there a workaround to accomplish this today?

Workaround 1: Move custom fields into a named section in 1Password, then access via section_map:
data.onepassword_item.slack.section_map["config"].field_map["channel"].value

Workaround 2: Abuse existing mapped fields (use standard fields instead of custom fields (i.e. url / database)

References & Prior Work

• Source code location: The limitation exists in https://github.com/1Password/terraform-provider-onepa
  ssword/blob/main/internal/provider/onepassword_item_data_source.go#L where root-level fields are only
  mapped if ID matches a hardcoded list.
• 1Password CLI: The op item get command successfully returns these custom fields in the JSON output
  under fields[]
• Community discussion: https://www.1password.community/discussions/developers/correct-way-to-read-custom-fields-in-onepassword-item-data-source/87609 confirms custom fields must be in sections