Forum Discussion

Former Member's avatar
Former Member
3 years ago

1password seems to include my SSH private key in the tag message when signing a git tag.

I am using 1Password and the SSH agent to store my SSH keys and sign git commits, and it works great!

However, when I sign a git tag my private key is included in the tag message. This is then displayed in plane text when I push the tag to GitLab.

My .gitconfig file includes:
```
[user]
name =
email =
signingkey =

[gpg]
format = ssh

[gpg "ssh"]
program = "/Applications/1Password.app/Contents/MacOS/op-ssh-sign"
allowedSignersFile = "~/.ssh/allowed_signers"

[commit]
gpgsign = true

[tag]
gpgsign = true

```

I generate the tag with: git tag -a "tag-name" -m "tag-message"

When I run git show tag-name, I see:
```
tag tag-name
Tagger:
Date:

tag-message

commit ....

```

I am going to have to disable signing my git tags with 1Password for the time being, so any help to resolve this would be greatly appreciated!


1Password Version: 8.10.4
Extension Version: Not Provided
OS Version: MacOS 13.3.1
Browser:_ Not Provided

7 Replies

  • Former Member's avatar
    Former Member

    Issue is probably the wrong word, but yes, GitHub handles the signature in its UI far more cleanly than GitLab. I'll raise a ticket with GitLab. Thanks for your help!

  • floris_1P's avatar
    floris_1P
    Icon for 1Password Team rank1Password Team

    What do you mean here exactly with "the issue"? The human readability of the tag message in their UI?

  • Former Member's avatar
    Former Member

    Ah yes, that is obvious in hindsight. GitLab prints out the entire signature when displaying the tags and makes it very hard to read. So I guess the issue is with GitLab, or is it that they expect it to be signed differently to GitHub?

  • floris_1P's avatar
    floris_1P
    Icon for 1Password Team rank1Password Team

    Ah yes, that's the signature which can be used by GitHub and others to prove the authenticity of the tag. Not the private key, that'll stay in 1Password.

  • Former Member's avatar
    Former Member

    floris_1P , thanks for the response. I get:

    tag-message
    -----BEGIN SSH SIGNATURE-----
    ...
    -----END SSH SIGNATURE-----

  • floris_1P's avatar
    floris_1P
    Icon for 1Password Team rank1Password Team

    @TJGreen97 What kind of heading do you see in the part that you redacted in your snippet? -----BEGIN ...