1Password asking for permission each time

Hi @sitepodmatt / julemand:

Thanks for your feedback on this. While I can't promise anything, we're exploring additional options.

@N33T:

Would you mind sharing which channel of 1Password you're using (production, beta, nightly)?

Jack

Abandoning this joke agent but grr for now still using 1pw. For now reading key out via "op read op://Personal/key2022-wrk/..." and seeding a working ssh-agent that doesn't have this silly workflow.. What a waste of a potentially solid product just because they want to enforce the macbook air myway or the highway

As a paying client and a fan boy, I absolutely say that we need a far easier alternative, even if it means less secure, for people sitting on Ubuntu as their main development machine. Not server. But also not a Mac laptop featuring easy fingerprint unlock.

Imagine having to type ubuntu password 5 times just to open project in vs code, run docker and run composer install (private packages). It kills me to the point that I might just as well use the good old static file.

I think less safe option of whitelisting or just unlocking ssh agent for all, or unlocking once with password and then simply asking yes/no to confirm would be better. It really sucks that big time.

PS. I was on windows, but as amazing WSL 2 is, running developing natively on ubuntu just flies. And finally it unlocks the opportunity to use safer things. But not at this price where I'm actually wasting time typing the password...

Unfortunately there are no fingerprint drivers for me.

Unfortunately, and rather insanely, it's not "per application" as they suggest, there's a per process check that overrides this - each new process requires approval - they had this warning in an earlier version "this is what we do.... insanely" now that's gone leading to more confusion.. I literally have no idea how they can support this stance unless they are avid tmux users with air fingerprint readers

Hi all, the addition of asking per application is great.
However I noticed that 1Password isn't saving this settings, every time 1P is killed (either by reboot or stopping it completely).
I am currently running: 1Password for Linux 8.10.0 (81000009)

My terminals are ephemeral and I'm happy with the setup - I'd need a strong reason to change than 1password telling me this is the way - also TouchID and iWatch approval aren't available in Ubuntu (most fingerprint readers dont have drivers). I connect to dozens of endpoints per day and having to retype password possibly 100+ times a day is extremely annoying. The point being the suitability of the ssh agent product is narrowly scoped to a specific workflow and seems heavily biased to mac users - if you have a persistent process (vscode) and some timeout period then sure you might not be bothered but otherwise it can be a major PITA. There is no good reason for "new processes always require approval" not being toggleable. If only Keepass-xc had a cloud version..

if you have git configured to use an ssh key for signing or you do a push to GitHub or something using ssh, then yes, you'll have to approve it the first time you do a commit or a push in a vscode terminal. it also happens again after some timeout period.

Personally I don't see the issue. Until recently I had a 2015 iMac and I had to type in the password on these occasions. I did. I did not get mad.

Now I have an M1 Pro MBP and I can either use my watch to approve or use Touch ID to approve. I do. I do not get mad.

The timeout period always seems reasonable to me. It doesn't require it each time, and I'm using it for ssh, for git signing, and for GitHub.

I also haven't had any issues with Face ID on iOS using 1Password 8, but maybe I'm just lucky.

Unfortunately they are being die hard that their processes are the one-way and only-way, the 1password devs run a persistent tmux session and on the occasions they are prompted they thumb that little button on their macbooks...

So everyone else is screwed by "new processes always require approval" (I suspect your case vscode is calling git from a new bash shell each time - so the parent process is different)... between this and the v8 iOS faceid fiasco im seriously considering going back to keepass-xc - paid for a year though so quite annoying

I have enabled "Remember key approval: until 1Password quits" and "Ask approval for each new: application" and yet it still expires every time, and I have to re-authorize the agent when VSCode runs a background git pull.

Yeah - I'm coming from KeepassXC - where the SSH Agent doesn't prompt me at all (which I prefer) as long as the keychain is unlocked.

Given that I have background sync processes, backups, ssh sessions etc etc etc, getting prompted every 5 minutes is a royal pain in the butt.