Skip to main content
1P_justin
1Password Employee
May 15, 2025
Question

Linux public key expiry update - action required for Arch Linux, Flatpak & RPM-based installs

  • May 15, 2025
  • 1 reply
  • 725 views

Hello 1Password Community!

If you are a Linux user, you may have received an email from us last week stating that the public key that certifies updates for 1Password for Linux is expiring with a recommendation to update 1Password before May 16th to avoid future issues when updating the application.

Since sending the notice, we’ve determined that Arch Linux, Flatpak and RPM-based installs will not automatically receive the updated public key by updating 1Password and users will need to take additional action in order to update the public key.

Arch Linux

Arch Linux users will continue to be able to update 1Password but will see validation failures when manually validating a 1Password update beyond May 16th.

To update your key, run the following command:

curl -sS https://downloads.1password.com/linux/keys/1password.asc | gpg --import

Flatpak

Flatpak-based installs will require our updated .flatpakref file to be downloaded and installed.

First, replace the flatpak repo with the following command:

flatpak remote-delete onepassword-origin

Respond 'y' when asked if you want to remove flatpak. Then run:

flatpak install https://downloads.1password.com/linux/flatpak/1Password.flatpakref

While this will effectively reinstall 1Password, account and setting information will be preserved.

RPM

For RPM-based installs, you’ll first need to remove the existing key by running the following command:

$ sudo rpm -e gpg-pubkey-2012ea22-591e021e

Then, run the following command to download the updated key.

$ sudo rpm --import https://downloads.1password.com/linux/keys/1password.asc

 

You can find more information regarding checking and updating the signing key here. If you have any questions, please feel free to drop a comment.

Thank you for using 1Password!

1 reply

May 15, 2025

For the RPM instructions, I was getting an error that the existing gpg key package was not installed. The existing key removal command is missing an 'e' at the end of the key id. So it should be:

sudo rpm -e gpg-pubkey-2012ea22-591e021e

Please confirm.

1P_justin
1P_justinAuthor
1Password Employee
May 15, 2025

You are 100% right - I made a copy + paste error! Thank you so much. I've updated the post accordingly. :)

May 15, 2025

Great, thanks. And just to confirm, after running the command for importing the updated key, should we be receiving what seems to be the same exact key? Here's the rpm -qi output of the 'new' key.