diff --git a/plugins/openbao/auth_token.go b/plugins/openbao/auth_token.go
new file mode 100644
index 00000000..09b726d9
--- /dev/null
+++ b/plugins/openbao/auth_token.go
@@ -0,0 +1,57 @@
+package openbao
+
+import (
+	"github.com/1Password/shell-plugins/sdk"
+	"github.com/1Password/shell-plugins/sdk/importer"
+	"github.com/1Password/shell-plugins/sdk/provision"
+	"github.com/1Password/shell-plugins/sdk/schema"
+	"github.com/1Password/shell-plugins/sdk/schema/credname"
+	"github.com/1Password/shell-plugins/sdk/schema/fieldname"
+)
+
+func AuthToken() schema.CredentialType {
+	return schema.CredentialType{
+		Name:          credname.AuthToken,
+		DocsURL:       sdk.URL("https://openbao.org/docs/concepts/tokens/"),
+		ManagementURL: nil,
+		Fields: []schema.CredentialField{
+			{
+				Name:                fieldname.Token,
+				MarkdownDescription: "Token used to authenticate to OpenBao.",
+				Secret:              true,
+				Composition: &schema.ValueComposition{
+					Charset: schema.Charset{
+						Uppercase: true,
+						Lowercase: true,
+						Digits:    true,
+					},
+				},
+			},
+			{
+				Name:                fieldname.Address,
+				MarkdownDescription: "Default address of the Vault server to use for this auth token.",
+				Optional:            true,
+			},
+			{
+				Name:                fieldname.Namespace,
+				MarkdownDescription: "Default namespace to use for this auth token.",
+				Optional:            true,
+			},
+		},
+		DefaultProvisioner: provision.EnvVars(defaultEnvVarMapping),
+		Importer: importer.TryAll(
+			importer.TryEnvVarPair(defaultEnvVarMapping),
+			TryOpenBaoConfigFile(),
+		)}
+}
+
+var defaultEnvVarMapping = map[string]sdk.FieldName{
+	"BAO_TOKEN":     fieldname.Token,
+	"BAO_ADDR":      fieldname.Address,
+	"BAO_NAMESPACE": fieldname.Namespace,
+}
+
+func TryOpenBaoConfigFile() sdk.Importer {
+	return importer.NoOp()
+}
+
diff --git a/plugins/openbao/auth_token_test.go b/plugins/openbao/auth_token_test.go
new file mode 100644
index 00000000..cd88385d
--- /dev/null
+++ b/plugins/openbao/auth_token_test.go
@@ -0,0 +1,49 @@
+package openbao
+
+import (
+	"testing"
+	
+	"github.com/1Password/shell-plugins/sdk"
+	"github.com/1Password/shell-plugins/sdk/plugintest"
+	"github.com/1Password/shell-plugins/sdk/schema/fieldname"
+)
+	
+func TestAuthTokenProvisioner(t *testing.T) {
+	plugintest.TestProvisioner(t, Token().DefaultProvisioner, map[string]plugintest.ProvisionCase{
+		"default": {
+			ItemFields: map[sdk.FieldName]string {
+				fieldname.Token: "s.UrpjvNwnaPjTFFj2RAyEXAMPLE",
+				fieldname.Address: "https://bao.acme.com",
+				fieldname.Namespace: "default",
+			},
+			ExpectedOutput: sdk.ProvisionOutput{
+				Environment: map[string]string{
+					"BAO_TOKEN":     "s.UrpjvNwnaPjTFFj2RAyEXAMPLE",
+					"BAO_ADDR":      "https://bao.acme.com",
+					"BAO_NAMESPACE": "default",
+				},
+			},
+		},
+	})
+}
+
+func TestAuthTokenImporter(t *testing.T) {
+	plugintest.TestImporter(t, Token().Importer, map[string]plugintest.ImportCase{
+		"environment": {
+			Environment: map[string]string {
+				"BAO_TOKEN":     "s.UrpjvNwnaPjTFFj2RAyEXAMPLE",
+				"BAO_ADDR":      "https://bao.acme.com",
+				"BAO_NAMESPACE": "default",
+			},
+			ExpectedCandidates: []sdk.ImportCandidate{
+				{
+					Fields: map[sdk.FieldName]string{
+						fieldname.Token: "s.UrpjvNwnaPjTFFj2RAyEXAMPLE",
+						fieldname.Address: "https://bao.acme.com",
+						fieldname.Namespace: "default",
+					},
+				},
+			},
+		},
+	})
+}
diff --git a/plugins/openbao/bao.go b/plugins/openbao/bao.go
new file mode 100644
index 00000000..7a84d98c
--- /dev/null
+++ b/plugins/openbao/bao.go
@@ -0,0 +1,25 @@
+package openbao
+
+import (
+	"github.com/1Password/shell-plugins/sdk"
+	"github.com/1Password/shell-plugins/sdk/needsauth"
+	"github.com/1Password/shell-plugins/sdk/schema"
+	"github.com/1Password/shell-plugins/sdk/schema/credname"
+)
+
+func OpenBaoCLI() schema.Executable {
+	return schema.Executable{
+		Name:      "OpenBao CLI", // TODO: Check if this is correct
+		Runs:      []string{"bao"},
+		DocsURL:   sdk.URL("https://openbao.com/docs/cli"), // TODO: Replace with actual URL
+		NeedsAuth: needsauth.IfAll(
+			needsauth.NotForHelpOrVersion(),
+			needsauth.NotWithoutArgs(),
+		),
+		Uses: []schema.CredentialUsage{
+			{
+				Name: credname.AuthToken,
+			},
+		},
+	}
+}
diff --git a/plugins/openbao/plugin.go b/plugins/openbao/plugin.go
new file mode 100644
index 00000000..dcf753a3
--- /dev/null
+++ b/plugins/openbao/plugin.go
@@ -0,0 +1,22 @@
+package openbao
+
+import (
+	"github.com/1Password/shell-plugins/sdk"
+	"github.com/1Password/shell-plugins/sdk/schema"
+)
+
+func New() schema.Plugin {
+	return schema.Plugin{
+		Name: "openbao",
+		Platform: schema.PlatformInfo{
+			Name:     "OpenBao",
+			Homepage: sdk.URL("https://openbao.org"),
+		},
+		Credentials: []schema.CredentialType{
+			AuthToken(),
+		},
+		Executables: []schema.Executable{
+			OpenBaoCLI(),
+		},
+	}
+}