SSH and Git, meet 1Password 🥰

SSH and Git, meet 1Password 🥰

Dave Teare by Dave Teare on

1Password now includes full support for SSH keys, providing the easiest and most secure way for developers to manage SSH keys and use Git in their daily workflow.

The magic of 1Password has always been making the secure thing to do the easy thing to do. Today I’m thrilled to announce that we’re bringing this magic to development teams everywhere with the all-new 1Password SSH Agent. 🦄

In today’s release 1Password can now create new SSH keys, keep them organized, and make them securely available everywhere you need them with just a few clicks. Best of all, each feature was built for developers, by developers, so they fit perfectly in your existing workflows.

Our private beta hit #1 on Hacker News last month so it seems we’re not the only ones that had this itch. 😍

Using SSH keys is now as easy as 1, 2, 3…

Many toolchains and workflows rely on SSH keys. Everything from git to scp to logging into remote servers require properly configured SSH keys before being able to get your work done.

It goes well beyond ssh-keygen, too. You need to protect the generated key, keep it backed up, and have it available when setting up new machines. Oh, and don’t forget to tell ssh-add to remember the passphrase in the keychain on your new machine. I think it’s -K.

1Password now takes care of all of this for you. Just follow these 3 steps:

  1. Enable the SSH agent in 1Password > Preferences > Developer

    1Password SSH Agent preferences checkbox
  2. Configure ssh to use 1Password

    $ cat ~/.ssh/config
    Host *
    	IdentityAgent "~/.1password/agent.sock"
  3. Generate an SSH key in 1Password and add the public key to each service (e.g. GitHub, GitLab, etc).

That’s it! And yes – I know that third step sounds like draw the rest of the f**king owl, but it’s truly just a couple of clicks.

Let’s see just how easy it is by setting up a new git project.

Authorize Git with ease

Joining a new project can be daunting. There are new people, new workflows, and a whole new codebase to learn. This is challenging enough, so the last thing you want to do is spend a day wrestling with SSH keys.

Thankfully, the magic of 1Password allows everyone on your team to get up to speed lightning quick. ⚡️ Two clicks and you’re done.

Seriously, in under a minute you can create a brand new SSH key and an entirely new repo. 🤯

Here we see 1Password making it a snap to log in to GitHub like it always has, and then proceed to:

  • Generate a new SSH key (either Ed25519 or RSA)
  • Fill the public key directly where its needed
  • Store the key securely, and
  • Authorize access using Touch ID when git asks to sign a message

All that in 53 seconds. And I paused twice so I could zoom in and show you the details. 🙂

More secure than ssh-agent

The default ssh-agent allows any process on your system to sign messages with your private key. With the 1Password SSH Agent you authorize access explicitly, making things more secure and putting you in control.

Most days start with git pull so let’s see how things will look while you’re enjoying your morning ☕️ or your Monster Energy Lo-Carb. 😈

When Git goes to pull from upstream, it will need access to your SSH key before it can connect to the server. 1Password will ask if you want to proceed and you can confirm with a fingerprint on Mac and Linux or with a smile on Windows.

1Password CLI Touch ID authorization

Once a process is authorized to use an SSH key, 1Password will sign messages using the key on behalf of the process. Only processes that you’ve explicitly authorized will have access, and the private portion of the key never leaves 1Password.

Safe and sound, all within 1Password

Add your existing (modern) keys to 1Password or create new ones to replace your legacy ones, and easily find and organize them with the new dedicated category for SSH keys.

And since they’re all in 1Password, your SSH keys will always be available on all of your devices.

SSH key item in 1Password Create and fill SSH key popup on GitHub using 1Password in your browser

Available today in 1Password 8

All of this and more is available today in 1Password 8.

See the 1Password for SSH & Git docs for more details, and please join us in our SSH forum or poke me on Twitter to share your experiences.

Also be sure to stop by our AMA on Thursday to meet the team behind these features. You’re also welcome to join the devs for some command line and SSH demos on March 30th.

Free for OSS teams

1Password would not be possible without the incredible work of the open source software community. From Rust and Golang to React and Neon – and many more – we’re thankful for these free software projects and are committed to giving back.

In that spirit and as our way of saying thanks, open source teams can get a free 1Password account simply by opening a pull request against the 1Password for Open Source Projects repo. These accounts also include unlimited use of Secrets Automation. To date, more than 360 open source projects are using 1Password.

Oh, and one more thing…

SSH keys aren’t the only secrets developers need for getting their work done. Developers need deployment keys, access tokens, bearer tokens, and many other secrets or they’re stuck. And these secrets are literally keys to various kingdoms so they need to be kept secure.

So what do you do? Sacrifice security and store them in plain text RC files? 😱 Abandon productivity and manually copy and paste them? 😩 Leave it for devops to worry about? 🤨

Not at all. Instead, integrate 1Password directly into your scripts and commands using op, a new CLI tool that makes accessing secrets from the command line as easy as it is in your browser.

See Your CLI wish is our command for details and join the thousands of developers and IT admins who are using 1Password CLI to script their workflows with secrets from 1Password.

Take care and stay safe out there. ❤️

Popup window to authorize SSH key use in 1Password using an Apple Watch

Founder of 1Password

Dave Teare - Founder of 1Password Dave Teare - Founder of 1Password

Tweet about this post