Protect what matters – even after you're gone. Make a plan for your digital legacy today.
Forum Discussion
How to forward 1Password SSH agent to docker container (MacOS)?
Apparently there's a magic going on in Docker Desktop for MacOS to allow forwarding SSH_AUTH_SOCK to the docker container, as discussed https://github.com/docker/for-mac/issues/410#issuecomment-577064671. I doubt this is possible but it wouldn't hurt to ask, is there a way to forward https://developer.1password.com/docs/ssh/agent/ to a docker container?
Command: docker run --mount "type=bind,src=$HOME/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock,target=/run/host-services/ssh-auth.sock" -e SSH_AUTH_SOCK=/run/host-services/ssh-auth.sock --rm golang:latest ssh-add -l
Output: Error connecting to agent: Connection refused
Without docker works as expected:
export SSH_AUTH_SOCK="$HOME/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock,target=/run/host-services/ssh-auth.sock"
ssh-add -l
Output: 256 SHA256:... SSH Key (xxx) (ED25519)
1Password-cli version: 2.4.1
1Password Version: 8.7.1
Extension Version: 2.3.5
OS Version: macOS 12.1
Referrer: forum-search:https://1password.community/search?Search=Forward%201Password%20SSH%20agent%20to%20docker%20container%20(MacOS)
4 Replies
floris_1P1Password Team
@andrepereira Could you try if this works:
export SSH_AUTH_SOCK=~/Library/Group\ Containers/2BUA8C4S2C.com.1password/t/agent.sock
docker run -v /run/host-services/ssh-auth.sock:/run/host-services/ssh-auth.sock -e SSH_AUTH_SOCK="/run/host-services/ssh-auth.sock" alpine sh -c 'apk add openssh && ssh-add -l'
Thank you 1P_Simon !
- 1P_Simon
Hi @andrepereira, just a heads up that I've moved this discussion over from the CLI forum to the SSH forum. The 1Password SSH agent is independent of 1Password CLI. It is shipped with 1Password 8.
I'll ask the SSH team to look at your question about running it in a docker container.
on linux that works perfectly, but i have this same issue on docker for mac, because it's different the way that bind mount is done between linux and macos machines.
the only workaround (Extremely unsecure )that you could do is to use socat , you need to expose your ssh socket as tcp service and then inside your container use the socat again to consume that tcp socket and transform it to unix socket.
