Storing SSH keys in 1Password - really doesn't work at all well

Ben

Thanks for sharing @jarom. :)

Ben

schlappette

Chiming in to add my support for storing SSH keys in 1Password as well!

Ben

Thanks @schlappette. :+1:

Ben

danielwagn3r

@jarom I've long used KeeAgent (https://lechnology.com/software/keeagent/) plugin for KeePass 2. It integrates very well in Windows (native and PuTTY) and Linux. Under Windows it also works like a charm together with WSL, when using wsl-ssh-pagent (https://github.com/benpye/wsl-ssh-pageant).

When not looking at enterprise grade PAM solutions I think this is pretty much the usability standard to measure against.

ag_ana

Thank you for the suggestion @danielwagn3r :+1: :)

a.jaffe

+1 on a solution for ssh keys in 1Password!

ag_ana

:+1: :)

cameronredux

Big +1 here as well.

Either allow multi-line text field in a section or allow a second Notes area to be created below sections where data like this can be kept.

SSH public and private key pairs, SSL certs etc..

Adding this as an external file would double what is in the sidebar which is fine if you just a have a few things but we have thousands and that gets messy. Much preferred if all pertinent data is in one place.

Ben

Thanks for chiming in @cameronredux. :)

Ben

Maurice Kelly

Seems like chiming in on this thread is the best way to register support for improving SSH key support though I'm not sure just having a custom category is enough.

A key can be much more than a standalone entity. It can be the "password" for multiple machines and services and maybe needs to be modelled as something that can be attached to existing category items. For example, consider a Server entry in 1Password. I may have copied a specific public key to the server, and intend to use the associated private key for connection to that server. It would be better to have the key pair associated with the Server entry, rather than copying the data into the Server entry. This is even more important if keys are used on multiple machines.

I know that we can use Related Item links between items, but keys seem way more important than that basic linkage mechanism. As another posted mentioned, it would be great to be able to link the Key entries to key files on the filesystem that could be used to create a new SSH connection to the Server.

Thanks folks!

ag_ana

Thank you for your feedback as well @Maurice Kelly! Especially the usage examples, they are very useful! :+1:

Maurice Kelly

No problem. I've worked as software engineer and product manager so happy to help flesh things if you want more feedback!

ag_ana

Thank you @Maurice Kelly :) Any feedback ideas you have that can help make 1Password better is always welcome ;)

a2sheppy

I would sure love to have this. It’s been one of those things I’ve had to work around for years and years and years now. I have had to drop copies of my private and public keys in so many weird places to keep track of them, transfer them from one device to another, have access to them when I need them, etc that I can only hope I’ve not been leaking them all over the galaxy. :/

Lars

@a2sheppy - we hear you. I can't say what the future might hold, but I can definitely say that for now, you can place copies of your keys linked to a Secure Note that includes any other information you want about them. Thanks for weighing in on the subject.

datajock

+1 for this feature.

I like the idea of a multi-line password field and/or a multi-line text field. I can see a use for both of these as a public key need not be hidden, but a private key probably should be.

Additionally, for these fields, I will suggest that you add a "save as file" along with the "copy", "reveal" and such dropdown. Then allow a file name to be specified where it will be saved.

Ben

Thanks @datajock. :)

Ben

thawkins

This should work as a somewhat awkward workaround for Linux/Mac users

You can encode an arbitrary file to a single string using the 'base64' command IE: i have a key called id_xxx_rsa in my .ssh folder

cd ~/.ssh
cat ./id_xxx_rsa | base64 -w 0 > id_xxx_rsa.b64

notes: the "-w 0" flag tells "base64" not to insert any linewrap lineends so the output will be in one string

The contents of the file id_xxx_rsa.b64 is a single string with no line-ends in it at all, which can be pasted into the text field store in 1Password. you can move the file directly to the clipboard ready for pasting using "xclip"

xclip -selection clipboard < id_xxx_rsa.b64

Alternatively you can do it all in one go and not create an intermediate b64 file at all using xclip, which should be available for your Linux distribution. I'm not sure if "xclip" is available on MacOSX, perhaps there is an apple equivalent command-line utility. Note that "xclip" is an X11 utility and may not be available on systems running Wayland.

cd ~/.ssh
cat ./id_xxx_rsa | base64 -w 0 | xclip -selection clipboard

To recover the key file, copy the contents of the field back into a file ie ~/.ssh/id_xxx_rsa.b64 and run

cd ~/.ssh
cat ./id_do2_rsa.b64 | base64 -d > id_xxx_rsa

Notes: the -d flag means "decode" so it takes the single string "base64" encoded data and turns it back into the original file again.

Alternatively we can eliminate the need for a .b64 file again, you can copy the string direct from 1password and run

cd ~/.ssh
xclip -o | base64 -d > id_xxx_rsa

Notes: this takes whatever you have in your clipboard and decodes it and writes it directly to the designated file, the "-o" flag says output the current clipboard selection.

Cant help windows users i'm afraid, hav'nt opened a windows box for a very very long time.

Regards Tim Hawkins - CTO - The Red Flag Group.

update: xclip is available for OSX via brew

https://brewinstall.org/Install-xclip-on-Mac-with-Brew/

ag_ana

Thank you for taking the time to share all of these tips @thawkins, that was great!

(And welcome to the forum :) )

Matt3564

+1 on a fully supported solution for ssh keys in 1Password!

ag_tommy

Thanks for adding your voice, @Matt3564 .

woodsb02

+1 for storing SSH keys in 1password - my keys have 3 components - public key, private key, passphrase.
I think this could also apply to TLS public/private keypairs and certs?

ag_ana

Thank you for your feedback @woodsb02. I believe this could also work for those examples too :+1:

ffredrikk

I'm also looking for a better way to handle certs, gpg, pgp, ssh keys etc.

ag_ana

Thank you for letting us know @ffredrikk :+1:

DavidWu

Finding the way to store SSH keys and hope to add the feature. Thanks!

ag_ana

Thank you for sharing this with us @DavidWu :+1: :)

bpavlov

Count me in as someone who would love to see this added to 1Password. I created a "Secure Note" but everything is visible as soon as you click on the secure note entry.

Anyone else have suggestions? Someone earlier in the discussion mentioned adding a file, but I've never made use of that feature. How does that work?

Ben

Thanks @bpavlov. If you're interested in trying out Documents to see if they can help here we have a guide on them available:

Save important files in 1Password

Ben

nikanorov

Please, add me to the waiting list too. I will be happy to have solution to store ssh keys in 1P.