My team and I regularly use Docker for lightweight local environments that are pre-configured with things we need to develop that project. (It helps avoid things like "works on my machine".) If I need to work on a Terraform module, I can launch the Docker environment that has all the tools I need pre-installed and ready-to-go, and I can make my changes, run tests, and perform all sorts of general software development tasks. When I'm done, I press Ctrl+D. We can easily read specific environment variables from the host environment and pass them into the Docker environment (e.g., AWS credentials, Terraform variables), and for Git, we can mount the local SSH directory into the container in read-only mode so that we can fetch and push (-v ~/.ssh:/root/.ssh:ro) to GitHub Enterprise. Herein lies the problem with migrating the SSH keys into 1Password and not having them on-disk. There's nothing to mount, and 1Password only runs on the host. The low-fi solution is to keep my SSH keys on-disk for Docker, while copying them into 1P for use with that SSH agent, but then what's the point to using 1Password SSH? A higher-fi solution (since this is desktop-use Docker; not for deployment) would be the ability to mount a unix socket from the host into the Docker container, and have some kind of tiny agent built for Linux (namely Alpine Linux) that can run and facilitate whatever signals need to be sent so that when I run git pull inside the Docker container, this agent sends a signal to 1Password on the host asking for authentication. 1Password Version: 80600043 (beta channel) Extension Version: N/A OS Version: macOS 12.3β

I am working with Windows and VSCode DevContainer. Creating a repository on a Docker Volume instead of mounting a local directory improves performance and enables change watching using inotify. In this case, Git must be run inside the Docker container to clone the code, sign the commit, and push it, which requires SSH. However, there is no way to communicate between the SSH client in the Docker container and the 1Password SSH Agent on Windows. Unlike WSL, the npiperelay cannot be run on the Docker container. When I execute Git commands on the container, I want to be automatically prompted for authentication by Windows Hello to use the SSH key managed by 1Password.

Are you SSHing into the Docker container from your local machine with 1Password? If so, can you use SSH agent forwarding? The 1P SSH docs don't mention it isn't supported but I haven't tested it myself.

I was curious so I just tested ForwardAgent with 1Password's agent: it works! 🎉 Local machine is a Mac with 1Password+agent. I ssh'd into HostA which has my public key in authorized_keys From within that ssh session, I ssh'd into HostB which also has my public key in authorized_keys. HostA does NOT have 1Password (it's a headless Linux lxc container) ~/.ssh/config entry is simple: host <myhost> ForwardAgent yes Note that ForwardAgent has some serious security considerations everyone should heed: https://vincent.bernat.ch/en/blog/2020-safer-ssh-agent-forwarding. In your case, you're treating your Docker container as a trusted local development machine and were ready to mount your private keys into it, so using ForwardAgent would obviously be even more secure and just fine for your situation. 1Password experts: is there an opportunity for 1Password's agent to make ForwardAgent more secure by prompting on every use of the key, even through a server we've forwarded the key to? AddKeysToAgent confirm doesn't seem to accomplish this.

Without looking into your links (yet), it's important to note that the first hop (from host to local container) isn't over SSH. I'm using docker run, not ssh. SSH only comes into play during the second hop from the container → GitHub. I'm trying to figure out how to leverage 1P8 for the first hop.

[Feature Request] Using 1P SSH from inside a local Docker container

Featured discussions

Developer newsletter: May 2026
Place Developer blog

Forum Discussion

Featured discussions

Developer newsletter: May 2026

Recent discussions

CLI Slow Performance

No environment support in Linux

Feature Request - MCP Limiting Controls

1password locks within 10 seconds on High Performance or Dynamic resolution screen share on macOS

Feature Request: Can we get a gh auth login style flow for the CLI?