It’s Cybersecurity Awareness Month! Join our interactive training session, or learn about security and AI from 1Password experts.
Forum Discussion
Former Member
3 years ago1password seems to include my SSH private key in the tag message when signing a git tag.
I am using 1Password and the SSH agent to store my SSH keys and sign git commits, and it works great!
However, when I sign a git tag my private key is included in the tag message. This is then displayed in plane text when I push the tag to GitLab.
My .gitconfig
file includes:
```
[user]
name =
email =
signingkey =
[gpg]
format = ssh
[gpg "ssh"]
program = "/Applications/1Password.app/Contents/MacOS/op-ssh-sign"
allowedSignersFile = "~/.ssh/allowed_signers"
[commit]
gpgsign = true
[tag]
gpgsign = true
```
I generate the tag with: git tag -a "tag-name" -m "tag-message"
When I run git show tag-name
, I see:
```
tag tag-name
Tagger:
Date:
tag-message
commit ....
```
I am going to have to disable signing my git tags with 1Password for the time being, so any help to resolve this would be greatly appreciated!
1Password Version: 8.10.4
Extension Version: Not Provided
OS Version: MacOS 13.3.1
Browser:_ Not Provided
7 Replies
- Jack_P_1P
1Password Team
On behalf of Floris, you're very welcome!
Jack
- Former Member
Issue is probably the wrong word, but yes, GitHub handles the signature in its UI far more cleanly than GitLab. I'll raise a ticket with GitLab. Thanks for your help!
- floris_1P
1Password Team
What do you mean here exactly with "the issue"? The human readability of the tag message in their UI?
- Former Member
Ah yes, that is obvious in hindsight. GitLab prints out the entire signature when displaying the tags and makes it very hard to read. So I guess the issue is with GitLab, or is it that they expect it to be signed differently to GitHub?
- floris_1P
1Password Team
Ah yes, that's the signature which can be used by GitHub and others to prove the authenticity of the tag. Not the private key, that'll stay in 1Password.
- Former Member
floris_1P , thanks for the response. I get:
tag-message
-----BEGIN SSH SIGNATURE-----
...
-----END SSH SIGNATURE-----
- floris_1P
1Password Team
@TJGreen97 What kind of heading do you see in the part that you redacted in your snippet?
-----BEGIN
...