Manage SSH keys

Requirements

Before you can use 1Password CLI to manage your SSH keys, you'll need to:

• Sign up for 1Password.
• Install 1Password CLI (2.20.0 or later).

Generate an SSH key

You can use op item create with the ssh item category to create new SSH keys.

1Password CLI generates an SSH key and saves it as a new item in your Personal or Private vault, then prints the key to stdout with the private key redacted. The item includes the key type, private key, public key, and its fingerprint.

By default, 1Password CLI creates an Ed25519 key. For example:

op item create --category ssh --title "My SSH Key"

To create an RSA key instead, use the --ssh-generate-key flag to specify RSA. Include the number of bits to specify a custom size: 2048, 3072 or 4096 (default). For example, to generate a 2048-bit RSA key:

op item create --category ssh --title "RSA SSH Key" --ssh-generate-key RSA,2048

Get a private key

To get an SSH key's private key, use op read with a secret reference for the item's private key field. Include the ssh-format query parameter with openssh to get the private key in the OpenSSH format.

op read "op://Private/ssh keys/ssh key/private key?ssh-format=openssh"

See result...

-----BEGIN OPENSSH PRIVATE KEY-----

b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABD3rRrf8J

ruD0CxZTYfpbTYAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIJ5B/GnxX6t9jMwQ

G7QE7r5daJLkMKTZhNZhWfvzK2y+AAAAkLgQAivYu/+12/YrZhK5keIAZf4ZgsZsZ2JI2q

qbx23PqgO93oGy1iCxXe3kngQL4cM6lwOZPsZPKCinkN6KxEr6RnXqFRHJbMpOiGeZhTuD

rjeo77HqFdxDqDeckB77XCKL0Ew28H5JlM/WO31XR3Z4VBAgTe+BQLjrFV8WU5UX38hpBJ

PMJyRsK72ZUDDaGQ==

-----END OPENSSH PRIVATE KEY-----

Learn more

• Supported SSH key types
• Use 1Password for SSH & Git
• Manage your SSH keys in the 1Password app
• Sign your Git commits with SSH