Using 1Password
PreviousTransferring keys to Remote Server from WindowsNextUsing Visual Studio Code with Remote SSH to Program Raspberry Pi
Last updated
Was this helpful?
Last updated
Was this helpful?
You can use 1Password to manage all your SSH keys. – with public keys, fingerprints, and private keys – right in 1Password.
And if you have existing SSH keys, you can . You can also from 1Password at any time.
Before you can use 1Password to manage your SSH keys, you'll need to:
Install 1Password for , , or , then .
(Optional) (2.20.0 or later).
Required to create SSH keys using 1Password CLI.
Generate an SSH key in the 1Password desktop apps or with 1Password CLI to use anywhere you need one.
Desktop apps
1Password CLI
Open and unlock the 1Password app, then navigate to your in the sidebar. If you've for any shared or custom vaults, you can generate your SSH key in one of those vaults instead.
Select New Item, then choose SSH Key.
Select Add Private Key > Generate a New Key.
Choose a , then select Generate.
You can edit the name of your key and make any other changes. When you're done, select Save.
Ed25519 is the fastest and most secure key type available today and is the option recommended by most Git and cloud platforms. Ed25519 is the default suggestion when you generate a new SSH key in 1Password and the key is automatically set to 256 bits.
RSA is one of the oldest key types available and is compatible with most servers, including older ones. Compared to Ed25519, RSA is considerably slower – particularly with decryption – and is only considered secure if it's 2048 bits or longer. 1Password supports 2048-bit, 3072-bit, and 4096-bit RSA keys.
If you have an SSH key you want to save in 1Password, you can import it.
Select New Item and choose SSH Key.
Select Add Private Key > Import a Key File, then navigate to the location of the SSH key you want and select Import. You can also drag and drop your SSH key file directly into the new SSH item or paste it from your clipboard.
When you're done, select Save.
If you see one of the error messages below when you import an SSH key in 1Password, check if there's an issue with the type of key, the file format, or the encryption:
You can export a private SSH key from 1Password at any time.
Open and unlock the 1Password desktop app.
Choose the SSH key you want to export, then select the private key field.
Choose the export format you need: OpenSSH or PKCS#8.
If you imported a PKCS#1-formatted key into 1Password, you will also have the option to export that key in PKCS#1 format.
Choose how you want to export your private key:
To encrypt your exported private key (OpenSSH format only), enter a passphrase, then select Copy Encrypted Key or Download Encrypted Key.
To export your private key in plaintext, leave the passphrase field empty (if there is one), then select Copy Unencrypted Key or Download Unencrypted Key.
1Password can't protect SSH keys that you store outside of your account. If you need to export a private key, we recommend you save it in a secure location. Don't store unencrypted private keys on disk.
1Password will automatically generate the public key and fingerprint for each private key you create so you can share it with the services and people who need it.
You can copy or download the public key of an SSH key in the right format every time, and you can use the fingerprint to compare and identify your keys across all your services.
1Password supports and key types in PKCS#1, PKCS#8, and OpenSSH formats.
Ed25519
The Ed25519 key type was first introduced in 2014 with . If you need to connect to an older server that isn't using OpenSSH 6.5 or later, an Ed25519 key won't work.
RSA
Open and unlock the 1Password desktop app, then navigate to your in the sidebar. If you've for any shared or custom vaults, you can generate your SSH key in one of those vaults instead.
If your SSH key is encrypted with a passphrase, enter the passphrase and select Decrypt. You'll only need to enter the passphrase once. After you import the SSH key into 1Password, it'll be encrypted according to the .
IS YOUR PASSPHRASE SAVED IN 1PASSWORD?
If the passphrase for your SSH key is already saved in 1Password, use to find and copy it without needing to switch context.
If you still can't import your SSH key, you can use 1Password to using the latest standards.
KEEP YOUR PRIVATE KEYS SAFE
For platforms that let you provide public keys in the browser (often found in an SSH Key settings panel), you can use 1Password in your browser to .
You can also copy your public key from the item view in 1Password and share it where needed, or use to find your public key even faster without needing to switch context.
Generating, importing, and sharing SSH keys requires 1Password 8. Any SSH keys that you generate or import can be viewed and copied in the 1Password 7 apps on your other devices. Make sure you're using an of 1Password 7 to view or copy your public or private keys.
