Storing ssh private key should not mean storing them unencrypted

Hi,

Just found out that 1password now supports SSH keys, wonderful!

Trouble is, 1 password decrypts the private key and returns a unencrypted key when downloading the file. Why not decrypt the key on import to get the public key, and just offer the possibility to keep the private key encrypted ?

I'm guessing that this is done to make the ssh-agent integration work but it should be made clearer to the user that decrypting the key on import means keeping it unencrypted and more importantly gives back an unencrypted key when downloading the file. Or maybe keep the unprotected version for ssh integration, but download the original, protected one ?

If the key was protected on import, it should not be left unprotected by default when I get it back.

As a side note in my case, "copy" the private key is just completely broken and gives back a key which cannot be reused. ssh-keygen -y -f [key] returns invalid format.

So for the time being, I'll stick with secure notes. Damn, I was so thrilled when I saw that 1password added support for ssh keys :/

Regards

---

1Password Version: 8.6.1
Extension Version: Not Provided
OS Version: Windows 11 21H2 22000.556