1Password is a commercial password manager.
You can use the password manager from their web interface, or use their browser extension, or use their desktop app, or use their command-line interface. Installation instructions for Linux are here.
It's great that 1Password supports Linux. I can't imagine how small their Linux customer base is, so the fact that they'd spend a good chunk of money to support it is impressive. But sadly, not all Linux distributions are supported.
If you are using Alpine Linux, their downloadable tarball of their application will not work, as Alpine is built with musl rather than glibc. (You can install a glibc compatibility later in Alpine, but 1Password still won't run)
Your only officially-supported option left is to use Flatpak. But sadly, again, using Flatpak leaves several important 1Password features unsupported:
If you install 1Password with Flatpak, you’ll have access to all the features 1Password for Linux has to offer except:
You’ll need to lock and unlock 1Password in your browser separately from the app.
You won’t be able to unlock 1Password or 1Password CLI with system authentication.
You won’t be able to use the SSH agent.
Well that's not great! Is there any way around this limitation so we can still get all the 1Password Desktop features in unsupported platforms? Turns out there is: Docker.
Docker is a containerization runtime, like Flatpak. The benefits of Docker over Flatpak are that there's a larger ecosystem of apps, people are more familiar with it, and it's supported on more platforms (afaik).
Using Docker we can build a custom Docker container, run it on Alpine Linux, and pass the secret incantations of command-line options that will let 1Password Desktop work as we want. Even with the fancy SSH agent options and desktop/browser integration!
This method should work (in theory) on any system Docker can run on. However, I've only tested it on Alpine Linux v3.17 on an x86_64 machine.
There's plenty of guides on the 'net for that. Once you can run a Docker container as a normal user in Alpine, continue.
- Copy the
Dockerfile
attached to this gist to a new file named1password.Dockerfile
. - Build a new container using it:
$ docker build -t my-1password-op -f 1password.Dockerfile .
- If your local Docker images ever get blown away, you'll need to build this container again, so don't lose these files.
- Copy the
1password.sh
file attached to this gist to a new file of the same name. - Make it executable (
chmod +x 1password.sh
)
If you want to use SSH Agent forwarding for 1password, add the SSH configuration options to your SSH config file according to the 1Password SSH Agent documentation.
Make sure to add your SSH keys to 1Password, then remove them from your local machine.
- Turn on the ssh agent in 1Password
- Make the ssh directory (
mkdir -p ~/.ssh && chmod 0700 ~/.ssh
) - Copy the contents of the
ssh-config
file in this gist to a file called$HOME/.ssh/config
- Modify your SSH config as needed.
If you want to sign your Git commits with 1Password, see the docs here.
- Follow Step #4 above.
- Make sure GPG is installed.
- Add an SSH key to 1Password that will be used for Git commit signing.
- Add that same SSH key to GitHub (or your DVCS or choice)
- Copy the entries from the
.gitconfig
in this gist to your$HOME/.gitconfig
. Replace any entries in that file with ones from your system, such as your name, email address, the public key of the SSH key to sign your commits with, etc. - Copy the contents of the
op-ssh-sign.sh
script to a new file on your filesystem. Give it executable permissions (chmod +x op-ssh-sign.sh
) and ut the full path to that script in the.gitconfig
file you created earlier.
- Run
1password.sh
. You can do this from your desktop's preferred method of running a command-line program, or make a shortcut, or run it from a terminal. If you run it from a terminal, closing the terminal will close 1Password. If you have a task bar on your desktop, you should see an icon for 1Password appear. - If you are running 1Password Desktop for the first time, you will need to sign in and unlock 1Password.
- Attempt to use SSH as you would before. You may need to unlock 1Password Desktop first.
- Attempt to commit a file in Git. It should fail if it can't sign the commit properly.
I hope this guide has been useful for those of you on "weird" Linux distributions! Please comment on this Gist if you have questions or comments.
I do hope 1Password finds a way to support their extra features with Flatpak or Docker, so more users can take advantage of the tool without these workarounds.