It’s Cybersecurity Awareness Month! Join our interactive training session, or learn about security and AI from 1Password experts.
"Connection Refused" when accessing 1Password ssh-agent within DevContainer
I've been trying to get this to work for a few hours and I'm at a loss for what to do next, so asking for ideas about what the problem could be. My software stack is macOS 26/Tahoe, 1Password 8.11.16, Orbstack (for containers), and VSCode w/DevContainers. I have my SSH keys in 1Password and when executed from the host system, the keys are visible (and SSH works): % SSH_AUTH_SOCK="${HOME}/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock" ssh-add -l 256 SHA256:... (ED25519) % ssh -T git@github.com Hi <username>! You've successfully authenticated, but GitHub does not provide shell access. I have the DevContainer configuration to bind-mount the socket into the container and set a proper `SSH_AUTH_SOCK` value: "mounts": [ "source=${env:HOME}/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock,target=/tmp/ssh-agent-1password.sock,type=bind" ], "remoteEnv": { "SSH_AUTH_SOCK": "/tmp/ssh-agent-1password.sock" }, ... when I am in the container, the socket looks right, `SSH_AUTH_SOCK` is correct, but `ssh-add` fails to connect with an error: root@5a53d7e1c685:/tmp# ls -la ssh-agent-1password.sock srw------- 1 root root 0 Nov 2 16:36 ssh-agent-1password.sock root@5a53d7e1c685:/tmp# echo $SSH_AUTH_SOCK /tmp/ssh-agent-1password.sock root@5a53d7e1c685:/tmp# ssh-add -l Error connecting to agent: Connection refused I've verified that the directory itself IS accessible to docker by changing `source=${env:HOME}/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock` to be `source=${env:HOME}/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sockk` and restarting the container -- when I do that, the directory `agent.sockk` is created within the directory as expected (which I am interpreting as evidence that Docker can traverse all the way to the directory and create a sub-folder within it). I suspect what is happening is that 1Password is blocking the connection entirely (meaning it isn't a filesystem permissions error or otherwise), but I'm not sure how to prove that is the case or how to fix it if it IS the case. Any ideas for diagnostic steps to take next?
Cannot create now service account or rotate token
I'm having trouble creating new service account or rotating existing service account token with 500 error: Attempts via op CLI fails as well. $ op service-account create ... [ERROR] 2025/10/20 17:01:12 (500) Internal Server Error: Server experienced a fatal error. There's no sign of outage in service account at https://1password.statuspage.io/. Has anyone experienced the same thing?Desktop Integration Cannot Find App
Hi All, Just started testing out the Desktop Integrations approach and seem to be running into an error with actually loading the app itself. Python is raising a FileNotFoundError and seems to not be able to find a library file in my 1Password Desktop application. I'm not sure how readily I can share further logs without leaking project details or system specifics, but the files that the integration is erroring on are: lib_path = '/Users/wileydavis/Applications/1Password.app/Contents/Frameworks/libop_sdk_ipc_c'+11 │ │ │ │ locations = [ │ │ │ │ │ '/Applications/1Password.app/Contents/Frameworks/libop_sdk_ipc_client.dylib', │ │ │ │ │ '/Users/wileydavis/Applications/1Password.app/Contents/Frameworks/libop_sdk_ipc_c'+11 │ │ │ │ ] │ │ │ │ os_name = 'Darwin' #beta-sdk-desktop-integrations
Severe slowdown in Chrome with 1Password extension 8.11.12.27 on pages with many inputs
Since updating to 1Password extension 8.11.12.27 in Chrome, pages with forms containing thousands of inputs freeze on load. The problem also occurs with many hidden inputs, which should not be processed by the extension. We run an application that makes heavy use of hidden inputs. With earlier versions of the extension this was not a problem. Profiling shows high CPU use in openOrClosedShadowRoot(), especially when called on the form element containing many inputs. After load, the function runs instantly, so the slowdown is tied to the extension’s initial DOM scan. Steps to Reproduce: Install 1Password extension v8.11.12.27 in Chrome. Open a form with thousands of inputs, including hidden ones. Example: https://inputs-1password.netlify.app/ On load, clicking buttons or opening the context menu is impossible. Chrome stays frozen until the extension finishes scanning. Expected Result: Pages should load normally, regardless of number or type of inputs. Actual Result: Pages freeze during load due to heavy time spent in openOrClosedShadowRoot(). Impact: Severe slowdown in apps with large forms. Users blocked from working with affected pages. Disabling Autofill options does not help. Using "Hide on this page" does not help. Adding data-1p-ignore to every input is not feasible for us. Rolling back the extension is not practical. Workarounds: None viable for production. Proposed fixes: Optimize DOM traversal or revert to the previous methods. Support a parent-level attribute to exclude all children from scanning. Ensure that when the extension is disabled for a page, it truly does not inject or process elements on that page.ssh agent and ansible 12 prompting incessantly
I've been using the SSH Agent in 1Password for a couple of years now, with very little trouble. This includes lots of SSH to individual machines as well as a fair amount of ansible scripting using versions prior to 12 and run directly from Terminal. Recently, I did a `brew upgrade` and ended up with Ansible 12. After that, it has become commonplace that ansible scripts run on my local machine and talking to nearby devices over the network result in 1passwd SSH agent prompting for every...single...command. I rolled back to ansible 10 (11 not available directly in Brew any longer) and the behavior returned to normal: prompting at the outset of my ansible script and not again until the next time I run a script. Running Ansible (as opposed to directly sshing in Terminal) has always prompted at the run, and usually for each individual destination machine, but that has been it. With the change to Ansible 12, the prompting from the SSH agent in 1password is now such that it is not usable. For the time being, I can roll back to ansible 10, but that won't be the case forever. Does anyone else have experience with this? Any recommendations for either diagnostics or solutions other than just disabling 1password's otherwise-highly-useful SSH Agent?
"op inject" does not find item in vault
Hi, I'm currently trying to generate a .env file locally using a .env.reference containing secret references, but I keep getting an error when running op inject. Any help on this would be much appreciated. --- .env.reference APP_ENV="op://Env_Server_Local/APP_ENV/password" FRONTEND_APP_URL="op://Env_Server_Local/FRONTEND_APP_URL/password" SERVER_URL="op://Env_Server_Local/SERVER_URL/password" > When running op read, it works % op read op://Env_Server_Local/APP_ENV/password development > When running op inject to generate the .env file, it fails. The secret does exist and was not deleted or archived. % op inject -i packages/server/.env.reference -o packages/server/.env [ERROR] 2025/06/13 08:45:14 could not find item APP_ENV in vault Env_Server_Local, because it has been deleted or archived. Please restore the item if you want to use it with secret provisioning. I feel it might be due to adding new items to the vault / updating existing items. --- 1password-cli : 2.31.1 desktop app: 1Password for Mac 8.10.80 (81080023) ---- This is blocking us from fully integrating 1password as secrets manager. Any help appreciated 🙏
ssh not working in dev-containers/wsl2 after last update...
Hello community! I need straightforward way to work with wsl2 and dev-containers.... It's always some level of nightmare to work with 1Password and SSH agents on Windows11/WSL: Could you help with WORKING SOLUTION (manual, article) for wsl2 and dev-containers to be able to work with Git and commit signing. I use Docker Desktop + WSL2 as a backend, GitHub SSH key for auth and commit signing. For now, I don't see ways better than use private keys in files with ssh configs. One time I used this for setup, but last week all functionality dropped again: https://vinialbano.com/how-to-sign-git-commits-with-1password/ reference repo here: https://github.com/levpa/golang-try
1Password Connect and Plan Upgrade
Hi im currently using 1password team edition and looking to upgrade to Buisness, and have a question. Upgrading will that affect the token that i have and will i have to reissue it? Secondly, we'd also be looking to enable SSO would that also impact the usage of the token, also when troubleshooting we make use of 1password desktop would that impact the desktop usage as well?
