Import SSH keys from CLI

Community Member


Is there a good way to import ssh keys using the cli? I've been using ssh keys with op for a while before the SSH_KEY category was introduced and saving them as Secure Notes.
So I planned on trying to migrate my SECURE_NOTE to SSH_KEY. Right now the move was manual. I've have been using a shell script that I built (not updated for op 2.0.0) to handle this.

Another nice feature would be to expose the public key in the op item get response also, I find it handy to share my public key fast from the command line. Right now it seems to be a calculated value just kept inside 1Password GUI.

1Password Version: op v2.0.0
Extension Version: Not Provided
OS Version: Linux Arch


  • smgtsmgt
    Community Member

    So I took the time to update the script to op 2.0 but I still use SECURE_NOTE to store my ssh keys instead of the new type SSH_KEY.

  • Horia.Culea_1PHoria.Culea_1P

    Team Member
    edited April 5

    Hey @smgt, thank you for reaching out to us.

    We have an internal issue open on enabling the creation of SSH key items, that is on our short roadmap.
    I'll keep this ticket updated with the progress on that, thank you for bringing this to our attention!
    Additionally, we're currently working on making op item get display the same attributes as the other 1Password clients, when it comes to SSH Keys (type, fingerprint, public key). That should be released pretty soon, so stay tuned!


  • smgtsmgt
    Community Member

    Wonderful! Thank you!

  • Horia.Culea_1PHoria.Culea_1P

    Team Member

    No worries, let us know if we can help with anything else!

  • scottelundgrenscottelundgren
    Community Member

    +1 for both features import key via CLI & get SSH key item via CLI

  • Horia.Culea_1PHoria.Culea_1P

    Team Member

    Thank you for your suggestions! We're currently working on providing a view of SSH Key items that's more in line with the other clients: including public key, type, fingerprint etc.

    In the meantime, op item get SSH-Key will only return the private key, as a field.

    Importing the key via CLI is on our roadmap as well, so stay tuned!


  • dwillitzerdwillitzer
    Community Member

    +1 bump for both CLI features importing key & get SSH key item.

  • tschifftnertschifftner
    Community Member

    +1 This feature is crucial!

    Is there any chance to see the Roadmap or even contribute to CLI? I did not find CLI project on Github...

  • Horia.Culea_1PHoria.Culea_1P

    Team Member

    Hey all,

    Thanks for all the feedback! For the moment, the CLI is closed-source. We're having internal discussions related to open-sourcing, but nothing has been planned yet.
    Related to importing&getting SSH keys with the CLI - retrieving keys should already be possible. op item get should be able to return all the fields of an SSH key. I'll try to make a case for prioritising SSH import through the CLI. No promises, though :D We'll keep everyone updated, when something starts moving on this front.
    Thank you for all the suggestions and the enthusiasm.


  • smgtsmgt
    Community Member

    Open sourcing the CLI would be a nice edition. 👍

  • mickaelmickael
    Community Member
    edited August 7

    I created op-tools mainly to manage my SSH Keys. The current implementation in 1Password is a good step forward but still limited for my usage.

    Have a look at:

    Usage: op-tools new-ssh-key [OPTIONS]
      Generates a new SSH key and store it in 1Password. Additional information
      are stored also to generate SSH config file when imported.
      --return-field TEXT          Field value to return
      --account TEXT               Account to use (shorthand)
      --vault TEXT                 Vault uuid where to store the information
      --title TEXT                 Name of the 1Password item
      --notes TEXT                 Note
      --from-user TEXT             User who is responsible from initiating the
                                   connection, default current user.
      --from-host TEXT             Host from where the SSH connection starts,
                                   default current hostname.
      --to-user TEXT               Remote user, prompted if empty.  [required]
      --to-host TEXT               Remote server hostname, prompted if empty.
      --to-host-abbreviated TEXT   Alias of the remote server hostname used to
                                   initialize connection.
      --no-passphrase TEXT         Create ssh key without passphrase.
      --passphrase TEXT            Use this passphrase instead of an autogenerated
      --passphrase-length INTEGER  Length of the autogenerated passphrase.
      --port INTEGER               Remote port
      --help                       Show this message and exit.


    Usage: op-tools ssh-add [OPTIONS] [SEARCH]
      Loads a SSH key stored in 1Password by searching [SEARCH] in uuid or in
      item title, and creates a ssh configuration file of the following format:
      Match originalhost [<Alias>][<Hostname> user <Remote user>]
        IdentitiesOnly yes
        IdentityFile <path to key file>
        Hostname <Hostname>
        User <Remote user>
        Port <Port>
      -D                    cleanup ssh agent and remove all 1Password managed
                            keys and configuration
      --no-ssh-config TEXT  Do not create ssh config file
      --help                Sho

    Note that currently ssh-add uses 1password local search which is a reverse engineering decryption of 1password database locally to increase performance and is not compatible with biometric auth. This is something that should be changed because performance is not a concern for SSh key management.

  • tschifftnertschifftner
    Community Member

    +1 This is a must have feature

    Open sourcing the cli would help all of us making 1Password the best password manager

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file