Level up your business security with free, on-demand training and certification. Explore 1Password Academy today →
VS Code remote ssh triggering wrong ssh key
When trying to connect to a machine using the Remote SSH extension, 1Password prompts me to authorize the SSH key, but it's always the wrong key. Connecting via PowerShell using the same config works without any problem, so I'm not sure if it's 1Passwords fault. OS: Windows 11 1Password version: 8.12.10 VS Code version: 1.116.0 Remote - SSH version: 0.122.01Password Connect Token Permissions Don't Appear to be Granular
I have a 1PW token that Terraform uses. Up until now, I only wanted Terraform to be able to read from this vault. But now I have a use case for using some items in Terraform to create a 1PW entry. However, I don't seem to be able to assign only the "create" and "edit" permissions without also granting the archive & delete permissions, which I don't want Terraform to be capable of (accidentally) doing. Reproduction Steps Open 1PW connect entry Go to access token with read only permission Attempt to grant that access token additional "create" and "edit" permissions. Expected Behavior Check off the Create and Edit items, and have those permissions take effect. Actual Behavior Checking create or edit also appears to check off "Archive" and "Delete" Screen capture below demonstrating the behavior
Feature Request: Manage "Autofill Behavior" via CLI/API
Hi team, I’m requesting the ability to programmatically set Autofill Behavior (e.g., "Always fill on this domain," "Only on this exact domain," or "Never fill") using the 1Password CLI and API. Current Pain Point: While I can create and edit items via op item create/edit, there is currently no flag or field to define how the browser extension should handle autofill for that specific URL. This requires manual GUI intervention after an automated setup. Proposed Feature: Add a flag or JSON attribute to the CLI to toggle these settings. Example: op item edit "My App" --url "https://sub.dev.com" --autofill "exact-domain" Use Case: Security: Automatically enforcing "Exact Domain Only" for sensitive subdomains during vault provisioning. Automation: Fully configuring new items for team members without requiring them to manually adjust settings in the browser.
SSH config managed from 1Password - alternative to SSH Bookmarks
(Mods: feel free to remove this if it's not appropriate here) I gave SSH Bookmarks a try but found it didn't quite cover my needs. No password/OTP auth, no way to use arbitrary SSH directives, no per-machine filtering, ... So I ended up building a small OSS tool called ssh-concierge that takes a similar approach but goes a bit further: it treats 1Password as the single source of truth for your entire SSH config, not just key-to-host mapping. In case it's useful to anyone else: https://github.com/bedezign/ssh-concierge Happy to answer questions!I would like EPM with my SOC workflow for Oauth. Looking forward to SCIM improvements for SecOps.
Didn't understand half of what the blog post went over b/c i had to remember so many acronymns. https://1password.com/blog/automating-soc-workflows-with-1password-enterprise-password-manager Look at what is happening in society. People are live streaming implementations of openclaw and exposing their tokens. OPENCLAW DEMO THAT YOU NEED TO WATCH. I TIMESTAMPED IT SO U GO TO GOOD PARTPrompted every time I need to sign a git commit or tag
I have 1Password set up to sign git commits and tags in both Windows and WSL (I use the latter most for development). Starting a few months ago but getting increasingly frustrating (especially when I rebase a lot of commits), I'm prompted every time I need to sign. My ~/.gitconfig is set up like so (relevant settings shown): [user] signingkey = ssh-ed25519 PUBKEY [core] sshCommand = ssh.exe [gpg] format = ssh [gpg "ssh"] program = "/mnt/c/Users/USERNAME/AppData/Local/Microsoft/WindowsApps/op-ssh-sign-wsl.exe" [commit] gpgsign = true [tag] gpgsign = true `ssh-add -L` (both the ELF executable in WSL as well as running the PE/COFF `ssh-add.exe`) shows my ssh auth and signing keys. 1Password - the desktop app - is also configured to only prompt when 1Password is locked or after 4 minutes. I get this same prompt-on-every-use behavior whether 1Password is open and unlocked or not. Works as expected for my browser extension, though. I found a post from about a year ago that someone resolved a similar behavior by re-installing 1Password. I may try that, but would rather hear from a dev to troubleshoot the issue in its current state so a proper fix could be made so this doesn't keep happening after winrot or whatever is causing this happens again to anyone.
Dynamic SSH Keys
I have a personal 1password families subscription. I am using the 1Password ssh agent for storing the ssh keys i use for all use cases. The organization I work for has recently started to use a service called "teleport" (https://goteleport.com/). This stores a temporary ssh key whenever I logon to it to connect to any of our servers. As of now, if i try to use it with the 1Password agent enabled, it is unable to do so and fails with an error saying that it was not able to add the key to the agent. It works as expected when using either the microsoft windows openssh agent or with the linux openssh agent. I am looking for suggestions on how to make this work with the 1Password ssh agent. Thanks Abhishek
SCIM Bridge Fails Sync
We're running SCIM Bridge 2.9.9 and the only method to achieve a successful sync and subsequent provisioning of accounts, is by logging into the Bridge and manually executing the "Sync Groups" function. All 5 status indicators in the Bridge are green and state "Connected", the Google Workspace User Provisioning integration within our 1Password console reflects "Good" health, successful connection with the bridge, and Provisioning users and groups is enabled. There is an error in the SCIM log about a certificate, but it does not prohibit a successful sync with the "Sync Groups" groups function in the bridge. Log snippet with IP Address redacted: "certificate is not allowed for server name xxx.xxx.xxx.xxx: certificate for 'xxx.xxx.xxx.xxx' is not managed","domain":"xxx.xxx.xxx.xxx","time":"2025-04-11T00:05:55Z","message":"certificate manager error while getting certificate" There are no other errors in the log. Please advise
