Skip to main content

Verify the authenticity of 1Password CLI

To confirm the authenticity of 1Password CLI, the tool and all its updates are digitally signed and offered exclusively through the 1Password CLI download page. Always get updates directly from 1Password, and always check to make sure that you have the latest version.

ZIP file

To confirm that the contents of the 1Password CLI ZIP file are authentic, unzip the file, then run the following command in the unzipped folder:

Package file

To confirm the 1Password CLI installer file is authentic, you can verify the digital signature before installation.

  1. Double-click the 1Password CLI installer to open it. If you see "This package will run a program to determine if the software can be installed", click Continue. This will not begin the installation.
  2. Click the lock icon in the top right corner of the installer window. If you don't see the lock icon, the package is unsigned, and you shouldn't install it.
  3. Select Developer ID Installer: AgileBits Inc. (2BUA8C4S2C). If you see a different developer ID, or the certificate doesn't have a green checkmark indicating that it's valid, don't install the package.
  4. Click the triangle next to Details and scroll down.
  5. Make sure that the SHA-256 fingerprint in the installer matches the following fingerprint from the current AgileBits certificate. If they match, the signature is verified; click OK and continue installation.
The 1Password CLI installer window showing the developer ID and fingerprints.The 1Password CLI installer window showing the developer ID and fingerprints.
HashFingerprint
SHA25614 1D D8 7B 2B 23 12 11 F1 44 08 49 79 80 07 DF 62 1D E6 EB 3D AB 98 5B C9 64 EE 97 04 C4 A1 C1

The installer automatically verifies the files in the package. If any file has an issue, installation stops without changes to your system, and you'll see a message that the installer encountered an error.

Was this page helpful?