Import SSH keys from CLI

smgt · March 2022

Hey,

Is there a good way to import ssh keys using the cli? I've been using ssh keys with op for a while before the SSH_KEY category was introduced and saving them as Secure Notes.
So I planned on trying to migrate my SECURE_NOTE to SSH_KEY. Right now the move was manual. I've have been using a shell script that I built https://github.com/smgt/dotfiles/blob/master/bin/1p-ssh (not updated for op 2.0.0) to handle this.

Another nice feature would be to expose the public key in the op item get response also, I find it handy to share my public key fast from the command line. Right now it seems to be a calculated value just kept inside 1Password GUI.

1Password Version: op v2.0.0
Extension Version: Not Provided
OS Version: Linux Arch

smgt · March 2022

So I took the time to update the script to op 2.0 but I still use SECURE_NOTE to store my ssh keys instead of the new type SSH_KEY.

Horia.Culea_1P · April 2022

Hey @smgt, thank you for reaching out to us.

We have an internal issue open on enabling the creation of SSH key items, that is on our short roadmap.
I'll keep this ticket updated with the progress on that, thank you for bringing this to our attention!
Additionally, we're currently working on making op item get display the same attributes as the other 1Password clients, when it comes to SSH Keys (type, fingerprint, public key). That should be released pretty soon, so stay tuned!

Best,
Horia

smgt · April 2022

Wonderful! Thank you!

Horia.Culea_1P · April 2022

No worries, let us know if we can help with anything else!

scottelundgren · April 2022

+1 for both features import key via CLI & get SSH key item via CLI

Horia.Culea_1P · May 2022

Thank you for your suggestions! We're currently working on providing a view of SSH Key items that's more in line with the other clients: including public key, type, fingerprint etc.

In the meantime, op item get SSH-Key will only return the private key, as a field.

Importing the key via CLI is on our roadmap as well, so stay tuned!

Best,
Horia

dwillitzer · July 2022

+1 bump for both CLI features importing key & get SSH key item.

tschifftner · August 2022

+1 This feature is crucial!

Is there any chance to see the Roadmap or even contribute to CLI? I did not find CLI project on Github...

Horia.Culea_1P · August 2022

Hey all,

Thanks for all the feedback! For the moment, the CLI is closed-source. We're having internal discussions related to open-sourcing, but nothing has been planned yet.
Related to importing&getting SSH keys with the CLI - retrieving keys should already be possible. op item get should be able to return all the fields of an SSH key. I'll try to make a case for prioritising SSH import through the CLI. No promises, though :D We'll keep everyone updated, when something starts moving on this front.
Thank you for all the suggestions and the enthusiasm.

Best,
Horia

smgt · August 2022

Open sourcing the CLI would be a nice edition. 👍

mickael · August 2022

I created op-tools mainly to manage my SSH Keys. The current implementation in 1Password is a good step forward but still limited for my usage.

Have a look at:

Usage: op-tools new-ssh-key [OPTIONS]

  Generates a new SSH key and store it in 1Password. Additional information
  are stored also to generate SSH config file when imported.

Options:
  --return-field TEXT          Field value to return
  --account TEXT               Account to use (shorthand)
  --vault TEXT                 Vault uuid where to store the information
  --title TEXT                 Name of the 1Password item
  --notes TEXT                 Note
  --from-user TEXT             User who is responsible from initiating the
                               connection, default current user.
  --from-host TEXT             Host from where the SSH connection starts,
                               default current hostname.
  --to-user TEXT               Remote user, prompted if empty.  [required]
  --to-host TEXT               Remote server hostname, prompted if empty.
                               [required]
  --to-host-abbreviated TEXT   Alias of the remote server hostname used to
                               initialize connection.
  --no-passphrase TEXT         Create ssh key without passphrase.
  --passphrase TEXT            Use this passphrase instead of an autogenerated
                               one.
  --passphrase-length INTEGER  Length of the autogenerated passphrase.
  --port INTEGER               Remote port
  --help                       Show this message and exit.

and

Usage: op-tools ssh-add [OPTIONS] [SEARCH]

  Loads a SSH key stored in 1Password by searching [SEARCH] in uuid or in
  item title, and creates a ssh configuration file of the following format:

  Match originalhost [<Alias>][<Hostname> user <Remote user>]
    IdentitiesOnly yes
    IdentityFile <path to key file>
    Hostname <Hostname>
    User <Remote user>
    Port <Port>

Options:
  -D                    cleanup ssh agent and remove all 1Password managed
                        keys and configuration
  --no-ssh-config TEXT  Do not create ssh config file
  --help                Sho

Note that currently ssh-add uses 1password local search which is a reverse engineering decryption of 1password database locally to increase performance and is not compatible with biometric auth. This is something that should be changed because performance is not a concern for SSh key management.

tschifftner · August 2022

+1 This is a must have feature

Open sourcing the cli would help all of us making 1Password the best password manager

andi.t_1P · August 2022

Thanks for your feedback!

Import SSH keys from CLI

Comments