Forum Discussion

matthewf's avatar
matthewf
New Contributor
1 month ago

1Password guest account for a dev machine?

Hello friends,

I've been reading about the Shai-Hulud/Sha1-Hulud malware which is currently spreading through npm packages with its TruffleHog payload, and there are plenty of other examples of supply-chain attacks against developer tools.

My 1Password has everything in it; stuff that I use for indie-development, and personal things like logins to my email and banking.

So now I'm thinking about making a clear separation between my indie-dev machine and other boxes that I use for traditional home-computing.

1Password's guest accounts look ideal for this. I could make a guest account which only has access to that one vault, and use only that guest account on my dev machine. Luckily my indie-dev items are already in a separate vault.

Would that work? Have I missed any gotchas? (And would this be compatible with 1Password's acceptable use-cases for guest accounts?)

Matthew

security

3 Replies

  • matthewf's avatar
    matthewf
    New Contributor
    1 month ago

    Thank-you 1P_Phil​, I did consider service accounts, but I don't think they would allow me to use the 1Password desktop app or auto-fill in the browser.

  • 1P_Phil's avatar
    1P_Phil
    Icon for Moderator rankModerator
    1 month ago

    Hi matthewf​ ,

    Thanks for the note, fundamentally the mechanics seem solid to me. We have some new tooling which may make things a little easier if you are on a Family / Team account (links below). 

    I'm checking internally regarding the acceptable use question.

    For Family / Team / Business accounts, we have Service Account Tokens which can be used in-place of logins in the CLI and SDKs.  Then you can issue a service token to a Docker Instance on either a per-vault basis with different permissions.  That should pretty well insulate you from malicious actors.  Here's a link to learn more.

    https://developer.1password.com/docs/service-accounts

    Cheers,
    Phil & Team