As a consumer, I’m a bit spoiled. When I pick up my phone to check my messages in the morning, I scan my fingerprint to get instant access to everything I’ve added to my homescreen. It’s my very own personalized magic portal to all my stuff.
Even the apps themselves are (with some exceptions) built to delight.
That’s not the case for most tools that developers use every day. Once you leave the consumer ecosystem and get to work in a terminal or an IDE, the experience changes. Because of our technical know-how, we think we need complexity. But we’re here to build the software that powers the world, not necessarily to remember an arcane command and copy access keys a million times every day.
When you need to authenticate in your terminal or IDE, why can’t you just use your fingerprint, watch, or face like we can do today in most consumer products?
There’s nothing I want more than to extend the magic that we take for granted as consumers to developers. And with last week’s release of 1Password Developer Tools, starting with SSH and CLI 2.0, we’re off to a great start.
The modern developer experience isn’t so modern
My first development gig was building a web product for the Dutch Coffeecompany, in 2011. The way I interacted with SSH and Git back then is the same way we interact with SSH and Git today – 11 years later.
While every developer starts their day with a “git pull,” we as an industry seem to have accepted that this workflow is riddled with complexity.
Setting up SSH is a pain. I still have to Google the ssh-keygen command every time I want to use it. Even the most experienced developers do, because it’s a complicated process. So much so that GitHub, GitLab, DigitalOcean, and others have an entire section of documentation dedicated to it.
And during that same setup process, I have to protect it with a strong passphrase (which I don’t want to enter every time I use it) and load it into an SSH Agent.
And do you know how many times I’ve accidentally copied my private key into GitHub instead of my public key? More times than I’d like to admit.
Why can’t this stuff just work like my phone? Why can’t I just authenticate with a fingerprint or facial recognition and get back to work?
I want better tools. I want that same kind of magic in my developer workflows.
Unnecessary complexity is a security risk
Complicated workflows aren’t just a pain, they’re a security risk. There are so many choices you have to make during the ssh-keygen process. What key type, RSA or elliptic curve? And what bit length/key strength? Do I protect the key with a passphrase? It’s easier not to use a passphrase, but that means I have to store the key as plaintext which is very insecure.
So, passphrase. It needs to be simple enough for me to remember, so I can type it in every time I need to (which is also insecure; because it’s a machine-to-machine secret, there’s no reason for me to even know it, let alone type it in). But it should also be hard to guess, which means it’ll be hard to remember. So I store it in 1Password, copy and paste it into my terminal every time I need to use it, and use SSH Agent … but that just gives blanket approval to any process to use any key.
Now throw in the rest of my toolkit: testing tools, debugging tools, version control, and triggering CI/CD pipelines into my IDE. We made all these things to integrate all our workflows into one unified experience – but most of these tools still need a credential to authenticate! Which means we have to store credentials in environment variables or settings files – which, in turn, means that we’re either needlessly exposing secrets or constantly breaking flow to authenticate.
The problem is growing too, because the scope of who we consider to be a “developer” is growing. So many people use Git nowadays: designers, technical writers, managers, QA testers. GitHub alone has exceeded 73 million people using their platform to collaborate. So it’s more important than ever that we eliminate this “accepted complexity” and make these tools easy and accessible to everyone.
We’re building consumer-grade experiences for developers
So that’s why we’re starting with the biggest thing that every developer uses: Git. With the built-in SSH support in 1Password 8, you can now generate a new SSH key with secure defaults, add it to GitHub, and push to a new git repo in less than a minute. All you have to do is authenticate with a fingerprint or your Apple Watch.
But that’s not all. If we’re serious about making developers' daily lives easier and more secure, then we should also look at how developers can use 1Password from their terminal. Which is why after 6 months of work and 1,344 commits we released 1Password CLI 2.0, which includes 49 significant improvements and that same biometric authentication magic.
This is why I was so excited to join 1Password: marrying brilliant UX with the carefully crafted developer tools that we built at SecretHub. By bringing consumer-grade experiences to developers, we’re not only making their/our lives easier, we’re securing an aspect of enterprise security that’s been largely ignored to this point.
We’ll have a lot more to say about this, so if you’re interested in what we’re building, stay tuned for more updates on Developer Tools, including a deep(er) dive into SSH and the new CLI, the #BuildWith1Password challenge, and a lot more. Better yet, join the community to chat with other devs or sign up for our developer newsletter – we’ll send the latest news right to your inbox.
See you there!
Marc Mackenbach
Director of Engineering, Developer Products
Tweet about this post