How to set up TLS for 1Password Connect?

Former Member

4 years ago

It works now!

Awesome! 🎉

Partially off-topic, but security related, so I hope it's allowed:

I would like the *.pem files to only be readable by root, but still share them with the Docker container.

Is this possible? If so, how? If not, what's the best practice here?

Of course that is allowed! Unfortunately, it is somewhat of a problematic thing with Docker. There is no way to mount a file with different permissions than on the host. That means that if the file is accessible by root only, the container have to run as root to read the file. The latter is generally considered to be a bad practice. That is also the reason why Connect's images use a custom user.

What you can give a try though, is: sudo chown 999 <pem-file> and sudo chmod 600 <pem-file>. That will make the user with UID 999 (the UID that is used within Connect's containers) owner of the file and the only user that can read it. Connect should still be able to read the file and any user except for user 999 and root should not be able to read it.

Forum Discussion

How to set up TLS for 1Password Connect?

Featured discussions

September at 1Password: Browser versions, enhanced security, and new integrations

Recent discussions

Unofficial 1Password SDK for Rust

🔊 Securing Cursor agentic development with 1Password Environments

ssh agent and ansible 12 prompting incessantly

1Password Chrome extension is incorrectly manipulating <code> blocks

Custom aliases and OpenSSH fields for SSH Bookmarks