@jgarber623
Created December 13, 2023 14:39
A minimal configuration for using an SSH key stored in 1Password with Git (and Dev Containers).

# ~/.zprofile
#
# Rather than follow 1Password's recommendation to configure this in ~/.ssh/config, override
# macOS' default SSH_AUTH_SOCK environment variable. In testing, this configuration allowed
# for Visual Studio Code's Dev Containers extension to reliably connect to the host machine's
# SSH agent.
#
# ~/.zprofile (or ~/.bash_profile) is the recommended location, but other files sourced
# by your shell _might_ work.
export SSH_AUTH_SOCK="${HOME}/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"

# ~/.gitconfig
#
# Ensure you have a current version of Git installed (v2.43.0 is known good). Commit signing
# with SSH keys was added recently.
[commit]
	gpgSign = true
[gpg]
	format = ssh
[gpg "ssh"]
	allowedSignersFile = ~/.ssh/allowed_signers
[tag]
	gpgSign = true
[user]
	name = FirstName LastName
	email = you@domain.example
	signingKey = key::ssh-ed25519 <public_key_from_1password>

# ~/.ssh/allowed_signers
#
# You can add as many lines to this file as you'd like in the format detailed below. Maybe
# add all of your teammates' public keys so that their signed Git commits will display as
# verified when invoking commands like `git show --show-signature`, `git log --show-signature`,
# etc. etc. etc.
you@domain.example ssh-ed25519 <public_key_from_1password>
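
A lint check for the `~/.ssh/allowed_signers` file described above, useful when pasting in teammates' keys: an entry with a leftover placeholder or a key type that does not match the pasted key will not verify that person's commits. This is an added example, not part of the gist; the function names and the all-zero sample key are constructed for illustration, and only the key type embedded in the blob is checked, not the key material.

```python
import base64
import struct

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
             "sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com"}


def blob_key_type(b64):
    """Return the algorithm name embedded at the start of an SSH public key blob."""
    blob = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    if n > len(blob) - 4:
        raise ValueError("length prefix exceeds blob size")
    return blob[4:4 + n].decode("ascii")


def lint_allowed_signers(text):
    """Return (entries, problems) for the contents of an allowed_signers file."""
    entries, problems = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # Layout: principals [options] keytype base64-key [comment]
        idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
        if idx is None or idx == 0 or idx + 1 >= len(fields):
            problems.append((lineno, "expected: principals [options] keytype key"))
            continue
        try:
            embedded = blob_key_type(fields[idx + 1])
        except (ValueError, struct.error) as exc:
            problems.append((lineno, f"key does not decode: {exc}"))
            continue
        if embedded != fields[idx]:
            problems.append((lineno, f"declared {fields[idx]}, blob holds {embedded}"))
            continue
        entries.append((fields[0].split(","), fields[idx]))
    return entries, problems


def sample_ed25519_key():
    """Constructed, all-zero ed25519 key blob; for demonstration only."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes(32)
    return base64.b64encode(blob).decode()
```

Pass the file's contents to `lint_allowed_signers()`; every tuple in `problems` is a line number and the reason that entry would not be usable for verification.
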
jgarber623 commented Dec 13, 2023

In 1Password 8 (or newer), enable the following settings for maximum convenience:

  • General: "Keep 1Password in the menu bar"
  • Developer: "Use the SSH agent"
  • Developer: "Ask for approval for each new application"
  • Developer: "Remember key approval until 1Password locks"
  • Developer: "Display key names when authorizing connections"

Note

If you're migrating from an existing setup, you may want to disable, comment out, or otherwise remove any existing configuration in ~/.ssh/config.

Additionally, you may want (or need) to remove the credential.helper setting in ~/.gitconfig. On macOS, this setting is often configured to osxkeychain.
