Creating ssh key in a shared vault should generate warning

rodneyt

https://developer.1password.com/docs/ssh/manage-keys
"Stored in the Private or Personal vault of any of your 1Password accounts"

Attempting to generate or save an SSH key in other vault types should at least show a warning explaining the key won't be useable in CLI tooling...

This is an annoying limitation, one of the scenarios is creating keys that you want to share with a team member - while still retaining control of keys within 1password. I really hope this is reconsidered in a future update.

---

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

austin

A warning would be good, but I had a very good reason for creating an SSH in a shared vault today: we’re putting it in an external system. The only thing I’m not 100% happy about is that the way that it was exported doesn’t appear to be compatible with Jenkins (I think that the private key copy is different than what can be obtained with op).

floris_1P

We'll have a (better) warning in very soon, and support for using keys in other vaults will follow.

@austin About Jenkins, which key format is the culprit? The one you get in op or the one you get when copying it in the GUI?

austin

It’s not the key format. It’s Jenkins. It doesn’t know how to deal with ed25519 keys, yet.

floris_1P

@rodneyt @austin
I wanted to let you know that we're working on a solution that allows for the following:

• Enable keys from other vaults than the Private vault.
• Create isolated setups with certain keys offered on a separate socket.
• Control the order in which keys are offered to SSH servers.
  It would be great to get your feedback on our proposal, if you're (still) interested. You can do so by joining the #ssh-agent-config channel in our Slack workspace.