GPG support? (like SSH)


Comments

  • dannysauer
    Community Member

    I'm still super interested in this because I'd like to be able to more natively use 1Password as the central hub to store keys used to sign published artifacts generated in CI. It'd be super-handy if I could easily generate a new signing subkey and revoke one which was compromised when a CI system's cloud provider gets hacked again, all without having to change a thing about the CI logic. Bonus points for also auto-publishing to one or more keyservers on-change. For one example.

    Right now I have to locally export a key, import that into 1Password as a text field, then have automation fetch the armored key before importing it into a local agent, etc. It's kind of a convoluted process compared to something like telling a package signing process to just use a local key agent which can just speak to 1Password Connect -- for another example. :)

    Git commit signing is technically on the list, but more of a side effect to me personally.
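The fetch-and-import workflow described in the comment above, as an added example that is not part of the original post and not 1Password's own code. It assumes 1Password CLI v2 (`op read`) is already authenticated, that the armored secret key in the text field has no passphrase of its own, and that the signing fingerprint is pinned in the CI configuration; the function names and the secret reference are hypothetical.

```shell
#!/bin/sh
# Added example: function names, secret reference and fingerprint are placeholders.

# Read `gpg --with-colons` output on stdin and print one fingerprint per line
# (field 10 of each "fpr" record; primary keys and subkeys both have one).
fingerprints() { awk -F: '$1 == "fpr" { print $10 }'; }

# sign_with_vault_key <op-secret-ref> <pinned-fingerprint> <artifact>
# The body is a subshell, so variables, GNUPGHOME and the trap stay local.
sign_with_vault_key() (
  ref=$1 want_fpr=$2 artifact=$3

  # Throwaway keyring (mktemp -d creates it mode 0700), removed on any exit.
  GNUPGHOME=$(mktemp -d) || exit 1
  export GNUPGHOME
  trap 'gpgconf --kill gpg-agent >/dev/null 2>&1; rm -rf "$GNUPGHOME"' EXIT

  # Fetch the armored key and pipe it to gpg; it is never written to disk
  # outside the throwaway keyring.
  key=$(op read "$ref") || { echo "vault read failed" >&2; exit 1; }
  printf '%s\n' "$key" | gpg --batch --quiet --import || exit 1

  # Refuse to sign unless the imported material contains the pinned key.
  if ! gpg --batch --with-colons --list-secret-keys | fingerprints |
       grep -qxF "$want_fpr"; then
    echo "imported key does not match pinned fingerprint" >&2
    exit 2
  fi

  # The trailing "!" makes gpg use exactly this key or subkey.
  gpg --batch --yes --local-user "${want_fpr}!" --armor \
      --detach-sign --output "$artifact.asc" "$artifact"
)

# Usage:
#   sign_with_vault_key "op://<vault>/<item>/<field>" "<fingerprint>" ./artifact.tar.gz
```

Pinning the fingerprint in the pipeline configuration means a swapped or stale item in the vault fails the job instead of producing a signature from an unexpected key.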

  • festus777
    Community Member

    What would be really beneficial after almost 2 years of this discussion is whether 1Password would comment on this feasibility. There have been plenty of comments on its usefulness. Either we’re considering, working on it, or it ain’t happening.

  • Lucent
    Community Member

    I think they're hoping everyone storing PGP keys is using them for signing commits and as people discover it can be done with SSH, they'll give up asking for the feature. There are indeed those of us from the '90s still using S/MIME and encrypting blocks to others who want 1Password to be the one stop secret shop.

  • joshmock
    Community Member

    > I think they're hoping everyone storing PGP keys is using them for signing commits and as people discover it can be done with SSH, they'll give up asking for the feature.

    I use GPG for more than just commit signing. Many CLI-based tools use GPG keys to encrypt secrets at rest, so that you can be prompted for your GPG passphrase at decrypt time rather than implementing some other standalone encryption scheme.

    For example, pass is used by my terminal email client to store my email account's password, which it encrypts using my GPG key.