Manage SSH keys
Requirements
Before you can use 1Password CLI to manage your SSH keys, you'll need to:
- Sign up for 1Password.
- Install 1Password CLI (
2.20.0or later).
Generate an SSH key
You can use op item create with the ssh item category to generate a new SSH key. To import an existing SSH key, use the 1Password desktop app.
1Password CLI generates an SSH key and saves it as a new item in your built-in Personal, Private, or Employee vault, then prints the key to stdout with the private key redacted. The item includes the key type, private key, public key, and its fingerprint.
By default, 1Password CLI creates an Ed25519 key. To create an RSA key instead, use the --ssh-generate-key flag to specify RSA. Include the number of bits to specify a custom size: 2048, 3072 or 4096 (default).
For example, to generate a 2048-bit RSA key:
Get a private key
To get an SSH key's private key, use op read with a secret reference for the item's private key field. Include the ssh-format query parameter with openssh to get the private key in the OpenSSH format.