I need some additional instructions on storing my AWS keys to automatically launch EC2.

machineage11
machineage11
Community Member
edited March 2016 in 1Password in the Browser

How can I use 1 Password for logging into AWS EC2 instances?
The keys seem unnaturally long for the password field value in the Login form.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: kb:ssh-logins, kb-search:ssh, kb:ssh-logins, kb-search:ssh, kb:ssh-logins

Comments

  • jxpx777
    jxpx777
    1Password Alumni
    edited March 2016

    Hi, @machineage11. The first thing I'll ask is how you're using these logins. Just to be clear, 1Password only fills in web browsers using our browser extensions.

    That being said, I'll agree that if you have longer password values, they can be a bit weird in the password fields. This applies even to longer passwords generated by 1Password. If it's not something I have to type out by hand or, worse yet, read to someone, then I just put the value into the password field and let it do its thing. But even if I do, I can use Large Type to see the full value at once. I just tried this with a 100 character password and it worked great.

    Even though I can't fill these items in iTerm, I still store my SSH keys in 1Password of course. I haven't yet landed on a firm decision, but right now, I'm liking Secure Notes for this. I have used Server and Login in the past, but I am loving the flexibility of Secure Notes and I like that the note body is the subtitle, so the items I've created this way display ssh-rsa blahblahblah in the subtitle. Login is the category I recommend the least unless you do need to fill the information in a browser via our extension. I'll describe how I'm doing this with Secure Notes, but you can do a similar flow with other item types.

    I store the public key text in the note body for easy copying and the passphrase for the key in a custom section with a password field. I also attach the key files themselves to the item so that it's easy to install them if I have to restore things. The passphrases are crazy long, but I keep my password fields concealed, so from shorter passwords to these crazy ones, they all display as ten bullets. To tie everything off, I give these items a special terminal shell icon to distinguish them and tag them "ssh".

    When it comes to using these items, I have a couple of different situations. One is I might be asked for the passphrase on my iPad when copying my public key, for instance. This happens very infrequently, so I'm content to go dig into my tags and look up the item. On my Mac, though, I use my passphrase pretty frequently, so I have marked it as a Favorite. When I'm prompted for the passphrase, I Option-Command-\ to bring up 1Password mini, right arrow into my Favorites, arrow down to the item, and Shift-Command-C to copy the password. 1Password mini disappears and I'm back in iTerm ready to paste my passphrase.

    Another thing I do might be helpful if you find you create lots of these items: maintain one item as a template. (I have several of these for different uses, all tagged "Template" so I can locate them quickly.) So, I have an item titled SSH Key Template. It has the custom icon, is tagged template, and has a Security section of fields with a passphrase field set to the type password so it will be concealed. The passphrase is empty. So, when I have a new SSH key to add, I locate my template and press Command-D to duplicate it. Then, I generate a passphrase, attach the key files, and save. Quick and easy.

    I hope that helps! I'd love to hear your workflow; maybe there is something you're doing that I can borrow. :)

    --
    Jamie Phelps
    Code Wrangler @ AgileBits

    ref: OPM-3911
    ref: OPM-3912

  • machineage11
    machineage11
    Community Member

    Thank you. I too am using Notes, but because I am now developing applications on AWS, I find that I will need to generate and maintain multiple keychains for different entities accessing my AWS data and services.

    1. How can I handle different keychains? There will be one for security. There will be a different key for a WP Managed Service Provider. A different key for an architect,etc.

    2. On Macs using Terminal, the first AWS key I generated is a PEM certificate. At the moment it is sitting on my desktop because I do not know where to put it. When you doubleclick on it, I find that Mac asks me where do I want to add the certificate from the file "MyFirstKeychain.pem". The keychain choices are : Login, Microsoft Intermediate Certificates, ICloud or System. Do you have a recommendation?

    I am running version 6.1 on most recent Mac OS.

    Appreciate the help

  • jxpx777
    jxpx777
    1Password Alumni

    @machineage11 I'm glad we're basically on the same page so far. The keychain stuff you're describing is related to the OS X keychains, which you can manage in Keychain Access. Here at AgileBits, we use multiple keychains for these kinds of things so that we can have the keychains lock when they're not in use rather than always being unlocked when the user account is logged in, which is the default setting for the login keychain.

This discussion has been closed.