It’s Cybersecurity Awareness Month! Join our interactive training session, or learn about security and AI from 1Password experts.
Forum Discussion
request: remember application approval for SSH agent
my intelliJ app has Git Toolbox plugin which checks git via SSH every 10 minutes. Due to this, I continuously get 1Password 8 on macOS asking if I want to allow this PHPStorm to access the SSH key.
Can you please add an option to remember the setting? Otherwise I need to revert moving to the 1password 8 SSH agent.
1Password Version: 8.9.4
Extension Version: Not Provided
OS Version: macOS
Browser:_ Not Provided
23 Replies
Hey 1Password team, this is indeed an issue.
What would best fix it is to simply have an "Always approve for this application" button. That should be quite a simple fix. In my case, I always have to approve for VS Code. You already have an "Always approve" button, but that simply skips all approvals.I believe "Approve for all applications" appearing as a checkbox when access requested is non-sensical.
The 1Password Developer settings has you explicitly set whether you should "ask approval for each new application", or even a higher security posture, "ask for each new application and terminal session". There's no option to approve for all applications.
Taking a step back, a user wishing to approve for all applications wouldn't turn on the SSH agent at all since they would just leave ~/.ssh on disk. So it's a vector for a security leak if someone clicks there.If a popup shows up with an application (in my case, the IDE) requiring access, then "Always approve for this application" is expected. But surprisingly that doesn't seem to be a possibility. Unfortunately it doesn't seem possible to have the IDE process launching terminal windows to use a fixed process ID if that's what 1P is using to determine whether something constitutes a new application which approval is already granted for.
2.25 years now with the same request, lots of auto-bots saying they've passed along our feedback but nothing has changed.
- 1P_Tommy
Moderator
Thank you for sharing that this type of enhancement would be a benefit to how you use 1Password. I have passed this along to the products team for further consideration. While I can't guarantee a specific outcome, I can advocate for your position.
ref: PB-43755828
I'd like to reiterate the want for a "Always approve for this application". It's quite tedious to have to re-approve more than one key each time I reboot an application or 1password itself when I update them and reboot them. I appreciate the default being to have low trust, but I trust these applications and their supply chains so I don't worry that it could be exploited.
@"brian.f_1P" said:
Under Preferences -> Developer, you could set it to remember an application until it or 1Password quits.
I realize this is almost 2 years old, but I don't see that option in modern versions. I see remembering until 1Password quits, but there is no mention of application handling.
From my naive reading of the prompts and https://developer.1password.com/docs/ssh/get-started/, it seems I can only authorize that EVERY application can use a key indefinitely. I like/prefer being prompted by each application that does... but I don't want to keep approving the same app (my IDE) over and over and over again.
We should have the "Always approve for this application" option, and not just the "Approve for all applications" option, because some development tools access ssh keys frequently.
+1 this feature is unusable in its current form. Please just tie it to my login keychain. I want to store my keys securely with 1Password but I have no desire to approve every single access. I just want 1 password for storing/syncing of keys. Please stop prompting me every time an app needs a key. This is ridiculous.
Same here ... I have to unlock 1Password to push to github and when I deploy just a few seconds later (through ssh / php deployer), the terminal asks for my SSH key password. Then I have to Control+C the command in the terminal, open and unlock 1Password, start the deployment again and authorise it when the modal from 1Password pops up.
MacOS 13.5.1, PhpStorm 2023.1, 1Password for Mac 8.10.16 (81016015)
I'm also experiencing the behavior mentioned in the original post. I have "Remember key approval" set to 4 hours, but every time I make a git commit, I have to type in my password to use the GPG signing key, and every time I fetch/pull/push, I have to type in my password to use the GitHub auth key (all of these happening within ~10 minutes of each other).
Using 1Password for Linux 8.10.13 (81013005)
To note, I often experienced the same problem as @truecarry , but I haven't used Windows in a while, so I assume that's better.
