ssh
549 Topics

Specify the path to the SSH agent socket?
Currently, the 1Password ssh agent socket is set to ~/.1Password/agent.sock on Linux, and ~/Library/Group\ Containers/2BUA8C4S2C.com.1password/t/agent.sock on macOS (as per https://developer.1password.com/docs/ssh/agent/config). Would it be possible to modify that path? It could then be set to respect the $XDG_DATA_HOME variable on Linux, or could be set to a custom path. I propose using the agent.toml configuration file, and storing that path under the following table:

```toml
[ssh-agent]
socket = "$XDG_DATA_HOME/1Password/agent.sock"

# The tables below would behave as usual...
[[ssh-keys]]
item = "..."
# ...
```

1Password Version: 8.10.54 | Extension Version: 8.10.55.2 | OS Version: Fedora 41 | Browser: Not Provided
179 Views, 2 likes, 2 Comments

Feature idea: when creating ssh keys, consider option to auto add comment to end of public key
When copying and pasting public keys to remote servers it is helpful if they include a comment to easily identify keys when reviewing authorized_keys. Under Developer options, consider having a flag to auto-add a comment to the key, so if generating a key for "web apps server bronze 2022" it might add a comment at the end: == 1password-web-apps-server-bronze-2022

Alternatively you could have an ssh comment field in 1Password, and whatever the user defines is automatically added to the end of the public key.

1Password Version: 8 | Extension Version: Not Provided | OS Version: Not Provided
Solved. 864 Views, 4 likes, 7 Comments

Git commit signing - can't find op-ssh-sign
I have followed the https://developer.1password.com/docs/ssh/git-commit-signing for setting up git commit signing. In https://developer.1password.com/docs/ssh/git-commit-signing#step-1-configure-git-commit-signing-with-ssh, step 2 tells me to click the three dots and select Configure Commit Signing and shows a screenshot of the window you should see. I do not have that option in my three-dots menu when viewing my SSH Key: I also found https://youtu.be/BMFvhl0WRFQ, which shows a Next Step: Sign Your Git Commits message when viewing an SSH Key in 1Password. But I don't see this message either.

Instead, I used the config from https://developer.1password.com/docs/ssh/git-commit-signing#configure-multiple-commit-signing-setups and manually entered it into my .gitconfig. But when I try to commit a change, I get the following error:

```
fatal: cannot run /Applications/1Password.app/Contents/MacOS/op-ssh-sign: No such file or directory
```

Looking in the MacOS directory, there is only one file in there called 1Password. Any ideas?

1Password Version: 8.8.0 | Extension Version: 2.3.7 | OS Version: macOS 12.5.1 | Browser: Chrome
2.4K Views, 0 likes, 3 Comments

Using 1password on a server in a script?
Hi, I've been a recent 1password convert, and I'm loving it. One thing I can't figure out if this is possible: I have a server on which I have scripts running (through cron) that need some credentials. Both SSH keys are required as well as actual API credentials. Right now those are stored in a file on the filesystem, which works, but I'd love it if I can somehow get these out of OP instead of having to have the files there. These scripts run at night, thus it needs to be 100% "hands-off".

For the SSH keys I fear there is no solution using OP that's truly non-interactive. The API credentials I think are possible, but I'm not seeing it. Anyone can point me in the right direction?

1Password Version: 8.10.0 | Extension Version: 2.6.1 | OS Version: Fedora 37 | Browser: Firefox
Solved. 213 Views, 0 likes, 2 Comments

[Linux] Use $XDG_RUNTIME_DIR instead of $HOME/.1password?
I like to try (although not very successfully) to keep my home directory clean of unnecessary dotfiles. While this is a very cool feature, I think it makes more sense to keep the socket in $XDG_RUNTIME_DIR. This seems to be what the directory is made for, and would prevent another folder under the home directory.

From the https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html:

$XDG_RUNTIME_DIR defines the base directory relative to which user-specific non-essential runtime files and other file objects (such as sockets, named pipes, ...) should be stored. The directory MUST be owned by the user, and he MUST be the only one having read and write access to it. Its Unix access mode MUST be 0700.

1Password Version: 8.6.0~26.BETA | Extension Version: 2.3.0 | OS Version: Fedora Linux 35 (Workstation Edition)
625 Views, 0 likes, 8 Comments

Support for SSH Certificates (2024)
This question came up a couple of times in 2022, but it didn't look like anything was resolved. Since it's been two years...

For those unfamiliar with the concept, SSH certificates are host and user public keys, signed by your own internal SSH CA, that ease key approval and distribution, especially in large-scale environments. Once a user has created a public-private key-pair, the public key is signed by an (internal) SSH CA. The user then uses ssh-add to add the public key and, if present, the certificate file to the user's ssh agent. https://smallstep.com/blog/use-ssh-certificates/ of how SSH certificates work.

Using stock ssh-add and ssh-agent on Mac OS 14, we can see the public key and certificate both being added to the agent:

```
$ /usr/bin/ssh-add .ssh/id_ed25519
Enter passphrase for .ssh/id_ed25519:
Identity added: .ssh/id_ed25519 (<REDACTED>)
Certificate added: .ssh/id_ed25519-cert.pub (chris)
```

A remote host, when properly configured, will verify that my user certificate has not expired (expiration and inception times) and was issued by a trusted CA, whose key would have already been added to the server. This eliminates the need for me to maintain an authorized_keys file on the remote end.

I was hoping to be able to store these keys in 1Password. That certainly works; however, 1Password does not support certificates in either the user interface or the ssh agent. 1Password derives public keys from private keys but does not provide a way for the user to upload the certificate file, above and beyond attaching an arbitrary file. The ssh agent behind the scenes presumably also does not support certificates.

For the moment, I have configured my ssh client to use the stock ssh-agent for the host that uses certificates, while everything else can go through 1Password. Are there any plans to add support to the 1Password user interface and to the underlying ssh agent for certificates? Thanks!

1Password Version: 8.10 | Extension Version: Not Provided | OS Version: macOS 14.2.1 | Browser: Not Provided
1.1K Views, 16 likes, 11 Comments

How to stop a running 1password ssh agent?
I was experimenting with the 1Password SSH agent and clicked on the "Set Up SSH Agent..." button. However, I couldn't find a way to undo my selection. In my opinion, there should be an option to easily cancel, reverse, or reset the settings back to their defaults in case I make changes that I'm unsure about, especially when dealing with unfamiliar settings. I attempted to uninstall 1Password and reinstall it, hoping that it would revert the changes, but unfortunately, that didn't work.

1Password Version: 8.10.8 | Extension Version: Not Provided | OS Version: macOS 13.4.1 | Browser: Not Provided
837 Views, 1 like, 1 Comment

ssh agent does not list my keys despite $SSH_AUTH_SOCK set
I've seen previous discussions on this topic, https://1password.community/discussion/139077/ssh-agent-wont-list-my-keys, however my current configuration has all the bits in that discussion. So, here's my current setup and configurations:

- I have the 1password ssh agent running per the Settings -> Developer options in 1Password.
- The configuration (~/.ssh/config) has a Host * IdentityAgent pointing to "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock", which I added automatically from the settings page
- I added the global plist per https://developer.1password.com/docs/ssh/agent/compatibility/#configure-ssh_auth_sock-globally-for-every-client and loaded it. It did not complain about errors, so I assume it's working
- I restarted the computer since then
- I made sure my zshrc does not redeclare the SSH_AUTH_SOCKET environment variable
- fetching private repositories from the command line works, as 1password pops up and asks me to authorize the keys in the vault, and then succeeds in using them
- there are no keys as files in the ~/.ssh/ directory
- I have an ssh agent configuration toml file which changes the order of the keys, but nothing else
- $ echo $SSH_AUTH_SOCK tells me it's set to /private/tmp/com.apple.launchd.IC5jFZHBxD/Listeners (unsure whether this is due to the plist file?)
- ps aux | grep ssh-agent tells me there's an ssh-agent process running at /usr/bin/ssh-agent -l, I don't think this is 1password's, and I don't know what starts this one

With the above, ssh-add -l tells me the agent has no identities. Ideally I would like the command to list the keys that the 1password ssh agent has.

1Password Version: 8.10.18 | Extension Version: 2.16.0 | OS Version: macOS 14.1 | Browser: Arc (chrome)
2.5K Views, 0 likes, 7 Comments