Unfortunately they are being die-hard that their processes are the one-way and only-way, the 1Password devs run a persistent tmux session and on the occasions they are prompted they thumb that little button on their MacBooks...
So everyone else is screwed by "new processes always require approval" (I suspect in your case vscode is calling git from a new bash shell each time - so the parent process is different)... between this and the v8 iOS Face ID fiasco I'm seriously considering going back to KeePassXC - paid for a year though so quite annoying
If you have git configured to use an ssh key for signing or you do a push to GitHub or something using ssh, then yes, you'll have to approve it the first time you do a commit or a push in a vscode terminal. It also happens again after some timeout period.
Personally I don't see the issue. Until recently I had a 2015 iMac and I had to type in the password on these occasions. I did. I did not get mad.
Now I have an M1 Pro MBP and I can either use my watch to approve or use Touch ID to approve. I do. I do not get mad.
The timeout period always seems reasonable to me. It doesn't require it each time, and I'm using it for ssh, for git signing, and for GitHub.
I also haven't had any issues with Face ID on iOS using 1Password 8, but maybe I'm just lucky.
My terminals are ephemeral and I'm happy with the setup - I'd need a stronger reason to change than 1Password telling me this is the way - also TouchID and iWatch approval aren't available in Ubuntu (most fingerprint readers don't have drivers). I connect to dozens of endpoints per day and having to retype the password possibly 100+ times a day is extremely annoying. The point being the suitability of the ssh agent product is narrowly scoped to a specific workflow and seems heavily biased to Mac users - if you have a persistent process (vscode) and some timeout period then sure you might not be bothered but otherwise it can be a major PITA. There is no good reason for "new processes always require approval" not being toggleable. If only KeePassXC had a cloud version..
Hi all, the addition of asking per application is great.
However, I noticed that 1Password isn't saving this setting every time 1P is killed (either by reboot or stopping it completely).
I am currently running: 1Password for Linux 8.10.0 (81000009)
Unfortunately, and rather insanely, it's not "per application" as they suggest, there's a per process check that overrides this - each new process requires approval - they had this warning in an earlier version "this is what we do.... insanely" now that's gone leading to more confusion.. I literally have no idea how they can support this stance unless they are avid tmux users with air fingerprint readers
As a paying client and a fan boy, I absolutely say that we need a far easier alternative, even if it means less secure, for people sitting on Ubuntu as their main development machine. Not server. But also not a Mac laptop featuring easy fingerprint unlock.
Imagine having to type ubuntu password 5 times just to open project in vs code, run docker and run composer install (private packages). It kills me to the point that I might just as well use the good old static file.
I think less safe option of whitelisting or just unlocking ssh agent for all, or unlocking once with password and then simply asking yes/no to confirm would be better. It really sucks that big time.
PS. I was on Windows, but as amazing as WSL 2 is, developing natively on Ubuntu just flies. And finally it unlocks the opportunity to use safer things. But not at this price where I'm actually wasting time typing the password...
Unfortunately there are no fingerprint drivers for me.
Abandoning this joke agent but grr for now still using 1pw. For now reading key out via "op read op://Personal/key2022-wrk/..." and seeding a working ssh-agent that doesn't have this silly workflow.. What a waste of a potentially solid product just because they want to enforce the MacBook Air my way or the highway
Hi @sitepodmatt / @julemand:
Thanks for your feedback on this. While I can't promise anything, we're exploring additional options.
Would you mind sharing which channel of 1Password you're using (production, beta, nightly)?
Hey @Jack.P_1P, I am on the beta channel.
I share the same sentiment as @julemand and @sitepodmatt, without a fingerprint scanner like Macs have it's quite the hassle to have to enter the password so often.
I've just double checked, and today's beta release contains a fix for the setting not persisting after 1Password is quit. After updating, let me know if you're still running into trouble.
Hey @Jack.P_1P, I just updated to 1Password for Linux 8.10.0 (81000012) and the setting does persist now.
1Password for Linux 8.10.0 (81000012)
This at least saves some time entering passwords when working in tmux.
Glad to hear it!
Moved to Bitwarden. Enough of the "you're holding it wrong"
I had intended to stay with 1pw tbh, and work around their strict ssh agent ideologies of prompt prompt prompt, run the usual ssh-agent and populate ssh-agent with the "op read" CLI; however, it doesn't maintain a local cache, so each lookup takes a second, and populating 6 ssh keys each startup is expensive time-wise. Using the Bitwarden CLI I can populate ssh-agent as it maintains a local cache (does pass-through writes and has bw sync - to collect remote writes), working beautifully...
It's been fun, but ultimately this fingerprint/MacBook via tmux obsession of 1pw devs has led me to a better place, basics like new entry fields are masked by default too, and cheaper too (but we are talking dollars a year still).
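The workaround described in the posts above (reading private keys with "op read" and loading them into a standard ssh-agent), as an added example that is not part of the original thread and not 1Password's code. The function name seed_agent, the KEY_LIFETIME variable and the secret reference in the usage comment are placeholders chosen here; it assumes SSH_AUTH_SOCK points at a stock OpenSSH agent and that the op CLI is already signed in.

```shell
#!/bin/sh
# Added example: seed a stock OpenSSH agent from 1Password CLI secret references.
# Assumes SSH_AUTH_SOCK points at ssh-agent (not the 1Password agent socket)
# and that "op" is already signed in.
#
# Trade-off: once loaded, any process running as this user can use the keys
# without a prompt. KEY_LIFETIME bounds that window; the agent drops each key
# when its lifetime expires.
KEY_LIFETIME="${KEY_LIFETIME:-8h}"   # hypothetical default, sshd_config time format

# seed_agent REF...  -> prints the number of keys successfully loaded
seed_agent() {
    loaded=0
    for ref in "$@"; do
        # The key goes op -> pipe -> ssh-add; it is never written to disk.
        # "ssh-add -" reads the private key from stdin.
        if op read "$ref" | ssh-add -t "$KEY_LIFETIME" - >/dev/null 2>&1; then
            loaded=$((loaded + 1))
        else
            echo "seed_agent: could not load $ref" >&2
        fi
    done
    echo "$loaded"
}

# Usage (placeholder reference; ?ssh-format=openssh asks op for OpenSSH format):
#   seed_agent "op://<vault>/<item>/private key?ssh-format=openssh"
if [ "$#" -gt 0 ]; then
    seed_agent "$@"
fi
```

Each "op read" is a separate lookup, so startup time grows with the number of references passed, which is the cost the post above describes.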
This prompt requesting my approval to access a SSH key every time I open an application is really, really, reeeeeally annoying!