So I now store my SSH private keys in 1Password. One problem I have with that is that some clients really need the private key files on disk to work (Sequel-Ace, to name one). So I thought I could create a simple command-line script that would use op to export my SSH private key to a file, and then delete that file a few seconds later, allowing those "legacy" clients to connect using my private key. But I just can't find how to use op to export my private key as an OpenSSH private key. If I download the key from the 1Password 8 client, I get a text file that starts with -----BEGIN OPENSSH PRIVATE KEY----- But if I use the CLI like this : op read op://Personal/id_ed25519/'private key', I instead get a key that starts with -----BEGIN PRIVATE KEY----- So, how can I export an OpenSSH private key using CLI? Or is there another way to export my SSH keys to disk? Thanks 1Password Version: CLI 2.0.0 Extension Version: N/A OS Version: macOS 12.3

When I load the ssh private key from op I get the correct key. I use the openssh ssh-agent (not 1password) and I can just pipe the key to ssh-add. ssh-add <(op read op://Personal/key/private_key)

Thank you for pointing this out, @jrmoulton! I have opened an internal ticket for investigating this. We'll keep this thread updated with anything that may come out of it. Once again, thanks for reporting this, and let us know if we can help with anything else! Best, Horia

Same problem the exported key is not a private ssh key.

Hey @Plivox - just to clarify - do you get that error message when running this command? ssh-add <(op read op://Personal/key/private_key)

How to export SSH private key using CLI?

Former Member
3 years ago
Thanks Plivox!
Will add this to the issue.

Best,
Horia
Former Member
3 years ago

Hey @Plivox - just to clarify - do you get that error message when running this command? ssh-add <(op read op://Personal/key/private_key)

Error loading key "...": invalid format
Former Member
3 years ago
Thanks gboudrea and @andrepereira ,

I'll file a bug to ensure that there is a way to retrieve a formatted version of the private key.
Former Member
3 years ago
@"Justin.Yoon_1P" version 2.4.1
gboudrea
Occasional Contributor
3 years ago
```
gb@MacBook-Pro:~ $ op --version
2.4.1

gb@MacBook-Pro:~ $ op read op://Personal/id_ed25519/'private key'
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
```
Former Member
3 years ago
Hey @andrepereira

Thank you for responding anyway!

I'd like to file an internal issue for this, but before I do, may I just confirm that you are on the latest version of op?

We introduced some improvements to SSH Key item rendering in v2.3.0.
Former Member
3 years ago
What I ended up doing was to create another entry with document type and copied the private key from the ssh type entry, then doing this:

ssh-add <(op document get 'private_key')
Former Member
3 years ago
Same here, @"Justin.Yoon_1P" though you didn't ask me, given no one responded yet, I confirm running the command you suggested I get the following error:

Error loading key "/var/folders/y_/yfcgp8dj37b14jrlq2pq0rqm0000gq/T//.psub.Cz9bsuaXei": invalid format

Maybe the CLI could provide something similar to the --otp flag to export the private key suitable to be imported by ssh-add?
Former Member
3 years ago
Hey @Plivox - just to clarify - do you get that error message when running this command? ssh-add <(op read op://Personal/key/private_key)
Former Member
3 years ago
Same problem the exported key is not a private ssh key.

Forum Discussion

How to export SSH private key using CLI?

Recent Discussions

Repeated errors using git on CLI, VSCode

Azure container app provisioning not working

SCIM - Hosting Redis Externally

GPG support? (like SSH)

Successful authentication locally, 403 when executed on server.