Add password-protected ssh keys promptless using 1Password.
Project description
op_askpass
Load password-protected ssh keys to your agent without prompts using 1Password.
Currently tested on Ubuntu only.
Getting started
$ pip install op_askpass
# This installs 1Password cli locally.
$ op-askpass setup-op-client my.1password.com my_username@gmail.com
$ op-askpass add-key ~/.ssh/id_rsa "my 1Password item name"
# This fetches the password from 1Password and calls ssh-add.
$ op-askpass login my
If your operating system (like Ubuntu 18) automatically adds ssh keys, but does not
unlock them use op-askpass login my --no-skip-existing
to force unlock keys.
If your system does not have gpg
binary to verify signature of op
client, pass
--no-verify
to op-askpass setup-op-client
to skip verification.
Details
op-askpass
stores a small configuration file and 1Password cli called op
in your $HOME/.op-askpass
directory.
The configuration file contains a mapping from ssh key fingerprint to key path
and 1Password item name. The key path is needed for loading the key when
calling op-askpass login
. The item name is looked up for password and
provided instead of prompt.
Underneath, op-askpass
uses SSH_ASKPASS
command to override prompt and
instead provide the password from 1Password. The only prompt is shown during
op-askpass login
to retrieve a 30-minutes long session key.
You can list keys added to op-askpass
using list-keys
command, and delete not needed
ones with op-askpass delete-key <path_to_key>
.
1Password integration
For regular, non-company users the 1Password domain is my.1password.com
. For
company users it is usually company.1password.com
.
Currently, only password
1Password items are supported.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
Built Distribution
Hashes for op_askpass-0.0.9-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 4550a3e29f993e103c302ca42b4c29a1584764bf0c65081a725630e982abf5af |
|
MD5 | 1d7ec393f57be0a8dc92f0c7a7c92fa2 |
|
BLAKE2b-256 | b368aeca092aacddcd669f02c0af0362f50ff02c095a0252a44b3d5d1a4b30d3 |