Protect what matters – even after you're gone. Make a plan for your digital legacy today.
Custom aliases and OpenSSH fields for SSH Bookmarks
SSH bookmarks is a great feature - one I was intending on building myself until I found 1Password's docs for it. However, it is missing a couple important features for me to be truly happy with it. I setup aliases for my common SSH hosts, and would like to be able to add these into 1Password. In particular, I want to be able to set custom names for each bookmark. For instance, I SSH to my university's servers typically with `ssh unsw`, not the far longer `ssh zXXXXXXX@loginX.cse.unsw.edu.au`, which is what the bookmark matches on. In addition, some of these bookmarks are for trusted hosts, where I want to enable `ForwardAgent yes` or similar additional OpenSSH options, and being able to use bookmarks to set these across my devices would be extremely helpful. Currently, I have a config file local to each computer that contains something like the following for each host: Host unsw User zXXXXXXX HostName loginX.cse.unsw.edu.au ForwardAgent yes CanonicalizeHostname yes This converts `unsw` to the long form user and host that is matched by the bookmark config. Ideally, these could all be configured via 1Password. A generic syntax for custom OpenSSH options would also solve other missing properties mentioned by others on this forum (e.g. ports).Credential theft via NPM
1P_Blake and 1P_Dave I think this is a great topic but a five alarm fire is happening right now with credential theft via npm. I think that you need to have an all hands on meeting about how to promote the credential injection feature that all 1pasword customers can use. My .zshrc file and .envrc file now use the op read syntax. It took me months to learn but i finally have it. This is a topic that needs to be drilled into EVERYONES head as more people start using Api Keys with their LLM providers. This is your moment.....It's go time for 1password.... You have a solution but don't know how to explain it to non-developers.
CLI Slow Performance
I have the 1Password desktop app installed and up to date on my macBook Pro, the `op` CLI is also installed, up to date, and working properly. All expected CLI queries work but they are surprisingly slow. After a bunch of trial and error, it seems that it is making a round-trip online as part of every single CLI query. I added the --debug flag and I can see cache hits, but the round trip online is still occurring. Disabling the network interface causes all queries to fail. Is it possible to get the 1Password CLI working fully offline to avoid all of this unnecessary round-trip business? Surely with the desktop app installed and CLI integration turned on, there has to be a way to make efficient (and offline) use of my 1Password vaults. Otherwise automation tasks that require secrets are simply too cumbersome to handle with 1Password, and I will require a secondary solution. And in that case, I may as well give up on 1Password.
Missing op-ssh-sign-wsl on Windows WSL
Hi team. I am trying to use the 1Password SSH Agent with WSL2, but I keep getting this error when SSH is invoked: fatal: cannot exec '/mnt/c/Users/bronze/AppData/Local/1Password/app/8/op-ssh-sign-wsl': No such file or directory error: fatal: failed to write commit object Environment: Windows 10 1Password desktop installed and signed in SSH Agent enabled in 1Password desktop WSL2 (Ubuntu) op installed via the official 1Password page op --version: 2.32.0 Issue: Running SSH inside WSL fails because the binary op-ssh-sign-wsl is missing. Running:ls ~/.1password/agent shows no op-ssh-sign-wsl. op ssh commands are recognized or partially recognized, but signing still fails due to missing binary. What I’ve tried: Reinstalled WSL on Windows. Disabled and Re-enabled SSH Agent on the Windows app Reinstalled 1password-cli inside WSL through the official page Restarted WSL and my machine. Same result: op-ssh-sign-wsl is not created. Thanks in advance.
1password-cli brew installation/upgrade fails
Hi Since I have updated brew today, any of these command fails : $ brew upgrade $ brew upgrade 1password-cli $ brew install 1password-cli ==> Fetching downloads for: 1password-cli ✔︎ Cask 1password-cli (2.32.0) [Verifying 8.8MB/ 8.8MB] Error: Cask '1password-cli' definition is invalid: invalid 'depends_on macos' value: unknown or unsupported macOS version: :"10.11" It looks like an issue with the 1password-cli cask, that defines an older MacOS version that is no longer supported by brew... It is rather annoying because I don't want to uninstall 1password-cli ( I use it to store my development secrets: API keys, etc.) and I need a recent version of brew... Please halp! Fred $ uname -a Darwin localhost 24.6.0 Darwin Kernel Version 24.6.0: Mon Aug 11 21:16:05 PDT 2025; root:xnu-11417.140.69.701.11~1/RELEASE_X86_64 x86_64 $ op --version 2.31.1 $ brew config HOMEBREW_VERSION: 4.6.20-112-gb652f7b ORIGIN: https://github.com/Homebrew/brew HEAD: b652f7b61019b6a8babb078dfcff13352bc4604d Last commit: 74 minutes ago Branch: main Core tap HEAD: fdf138096bec1258922d3cd4ec1647d3923bf4bd Core tap last commit: 47 minutes ago Core tap JSON: 10 Nov 18:40 UTC Core cask tap JSON: 10 Nov 18:40 UTC HOMEBREW_PREFIX: /usr/local HOMEBREW_CASK_OPTS: [] HOMEBREW_DISPLAY: /private/tmp/com.apple.launchd.ibhXfildbe/org.macosforge.xquartz:0 HOMEBREW_DOWNLOAD_CONCURRENCY: 16 HOMEBREW_EDITOR: emacs HOMEBREW_FORBID_PACKAGES_FROM_PATHS: set HOMEBREW_MAKE_JOBS: 8 HOMEBREW_SORBET_RUNTIME: set Homebrew Ruby: 3.4.5 => /usr/local/Homebrew/Library/Homebrew/vendor/portable-ruby/3.4.5/bin/ruby CPU: octa-core 64-bit kabylake Clang: 17.0.0 build 1700 Git: 2.51.2 => /usr/local/bin/git Curl: 8.7.1 => /usr/bin/curl macOS: 15.7.1-x86_64 CLT: 26.1.0.0.1.1761104275 Xcode: N/A
"Connection Refused" when accessing 1Password ssh-agent within DevContainer
I've been trying to get this to work for a few hours and I'm at a loss for what to do next, so asking for ideas about what the problem could be. My software stack is macOS 26/Tahoe, 1Password 8.11.16, Orbstack (for containers), and VSCode w/DevContainers. I have my SSH keys in 1Password and when executed from the host system, the keys are visible (and SSH works): % SSH_AUTH_SOCK="${HOME}/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock" ssh-add -l 256 SHA256:... (ED25519) % ssh -T git@github.com Hi <username>! You've successfully authenticated, but GitHub does not provide shell access. I have the DevContainer configuration to bind-mount the socket into the container and set a proper `SSH_AUTH_SOCK` value: "mounts": [ "source=${env:HOME}/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock,target=/tmp/ssh-agent-1password.sock,type=bind" ], "remoteEnv": { "SSH_AUTH_SOCK": "/tmp/ssh-agent-1password.sock" }, ... when I am in the container, the socket looks right, `SSH_AUTH_SOCK` is correct, but `ssh-add` fails to connect with an error: root@5a53d7e1c685:/tmp# ls -la ssh-agent-1password.sock srw------- 1 root root 0 Nov 2 16:36 ssh-agent-1password.sock root@5a53d7e1c685:/tmp# echo $SSH_AUTH_SOCK /tmp/ssh-agent-1password.sock root@5a53d7e1c685:/tmp# ssh-add -l Error connecting to agent: Connection refused I've verified that the directory itself IS accessible to docker by changing `source=${env:HOME}/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock` to be `source=${env:HOME}/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sockk` and restarting the container -- when I do that, the directory `agent.sockk` is created within the directory as expected (which I am interpreting as evidence that Docker can traverse all the way to the directory and create a sub-folder within it). I suspect what is happening is that 1Password is blocking the connection entirely (meaning it isn't a filesystem permissions error or otherwise), but I'm not sure how to prove that is the case or how to fix it if it IS the case. Any ideas for diagnostic steps to take next?
AWS Shell plugin is not providing session token
Hello, I tried to set up AWS shell plugin in a way that it'll provide me short lived tokens. I need these for our internal tools that use AWS SDK and is able to work with these temporary credentials, so 1Password doesn't see this to be something originating from `aws` cli. I'm trying to understand how can I use 1Password to only hand out temporary credentials so that the application doesn't have to deal with getting the tokens itself. According to Shell plugin docs (https://developer.1password.com/docs/cli/shell-plugins/aws/#optional-set-up-multi-factor-authentication) there should be session token set up, but I don't see it. I don't understand how it should get there and when should it be available. It's currently set up in this manner and aws plugin seems to be able to use MFA: op % op item get xyz ID: xyz Title: AWS Vault: Employee (abc) Created: 2 years ago Updated: 20 minutes ago by [me] Favorite: false Tags: XXX Version: 42 Category: LOGIN Fields: username: [username] password: [use 'op item get xyz --reveal' to reveal] access key id: [access-key] secret access key: [use 'op item get xyz --reveal' to reveal] one-time password: 123456 mfa serial: arn:aws:iam::[rest] Default region: [region] Account ID: [account-id] URLs: website: https://us-east-1.console.aws.amazon.com/iam/...
1Password Environments Beta is awesome
Just wanted to drop some feedback after playing around with the new Environments Beta in 1Password. Honestly, I’m loving it so far. The local .env file mounting is just brilliant. Secrets are easy to access without having to run extra commands, but still secure – exactly what I want. Makes switching between machines seamless, too. A couple of things I’d really like to see next: 1. CLI Integration - being able to create/edit/list environments and variables from the terminal would make this so much more useful, right now, having to click around in the desktop app is a bit of a pain for dev workflows. 2. More integrations: AWS Secrets Manager is a great start, but would love to see GCP and other major providers such as GitHub, etc. A plugin system for integrations would be awesome also to help cover more niche players like Modal.com Overall, this is a huge step in the right direction for 1Password. Can’t wait to see where this goes next!Cannot create now service account or rotate token
I'm having trouble creating new service account or rotating existing service account token with 500 error: Attempts via op CLI fails as well. $ op service-account create ... [ERROR] 2025/10/20 17:01:12 (500) Internal Server Error: Server experienced a fatal error. There's no sign of outage in service account at https://1password.statuspage.io/. Has anyone experienced the same thing?
