1Password on Mastodon

secrets in a devcontainer setup

Community Member

I would like to use 1password in a devcontainer setup (remote machine; connected via ssh) to initialize some secrets for my developer environment. I currently have:

curl -sS https://downloads.1password.com/linux/keys/1password.asc | \
  sudo gpg --dearmor --output /usr/share/keyrings/1password-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/1password-archive-keyring.gpg] https://downloads.1password.com/linux/debian/$(dpkg --print-architecture) stable main" |
  sudo tee /etc/apt/sources.list.d/1password.list
sudo mkdir -p /etc/debsig/policies/AC2D62742012EA22/
curl -sS https://downloads.1password.com/linux/debian/debsig/1password.pol | \
  sudo tee /etc/debsig/policies/AC2D62742012EA22/1password.pol
sudo mkdir -p /usr/share/debsig/keyrings/AC2D62742012EA22
curl -sS https://downloads.1password.com/linux/keys/1password.asc | \
  sudo gpg --dearmor --output /usr/share/debsig/keyrings/AC2D62742012EA22/debsig.gpg
sudo apt update && sudo apt install 1password-cli
eval $(op signin)

...in my setup.sh that is run as part of my devcontainer setup.

However, I then have to manually sign in during the setup, which requires 4 items of information to type in, including a long secret key. After the setup is complete, I then have to sign in again via eval $(op signin) if I want to use op within my devcontainer.

Is there a better way? If yes, it would be great to have specific documentation on best-practices for using 1password with devcontainers (and remote ssh).

1Password Version: 2.13.1
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided
Referrer: forum-search:vs code


  • Jack.P_1PJack.P_1P

    Team Member

    Hi @nyoungb2:

    Great question! If you're looking to use secrets in a non-interactive flow, like remote machines, 1Password Secrets Automation might be your best bet. This would allow you to use bearer tokens to access secrets, and ensure that they're only scoped to vaults that contain the specific secrets you're looking to use on that machine. Let me know if that helps, or if you'd like to dig in a bit further.


  • nyoungb2nyoungb2
    Community Member
    edited February 19

    So there's no way to provide my sign-in address and email op signin? I always have to manually typo both when running eval $(op signin)?

    I also have to get a "New 1Password sign-in from XXX" notification email every time? This gets really tedious when re-building devcontainers.

  • nyoungb2nyoungb2
    Community Member

    @Jack.P_1P are there any plans on creating a 1password devcontainer feature that specifically helped automate devcontainer setup with 1password (e.g., automatically injecting 1password secrets into the postCreateCommand script for the devcontainer setup, with secrets used from the developer's local 1password app)?

  • nyoungb2nyoungb2
    Community Member

    More generally, I would think that the following would work with the 1password extension:

        "containerEnv": {
            "AWS_ACCESS_KEY_ID": op://Private/AWS/username,
            "AWS_SECRET_ACCESS_KEY": op://Private/AWS/credential,
            "AWS_DEFAULT_REGION": op://Private/AWS/region

    but adding that to my devcontainer.json does nothing. If I run 1password: Preview with secrets, then my AWS secrets are correctly substituted in the preview, but those secrets are not substituted when I re-build my container. I also cannot hover over the op:// links and see references to the secrets, as shown in https://www.reddit.com/r/1Password/comments/vp19zy/introducing_1password_for_vs_code/.

  • nyoungb2nyoungb2
    Community Member

    In regards to the "cannot hover over the op:// links" issue, I did some testing, and the hover only works for log projects, and not remote ssh connections. Maybe that is also the issue with my "containerEnv" issue. If this is the case that the 1password extension does really work for remote ssh connections, then this should be clear in the docs.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file