⚠️ I have been using this plugin for a while without issue. However, it hasn't received much review. YMMV.
age-plugin-op is a plugin for age clients like age
and rage. It allows you to use your 1Password SSH keys with age clients.
- The 1Password CLI installed on
$PATH - An age client such as age or rage
Age plugins must be available in the $PATH. You can download a pre-built binary or build the appropriate system package using nix:
# Example building the darwin-amd64 binary
$ nix build age-plugin-op-darwin-amd64- Generate a new age identity file using the
age-plugin-opplugin. You will be prompted to authenticate with 1Password.$ age-plugin-op --generate "op://Personal/wxrzetxonuggniebjzruxycq/private key" -o age-identity.txt # Created: 2024-02-16 13:25:00.433868 -0800 PST m=+0.003075709 # Recipient: age1op102xjaf99y9u69cf64cl8trptuenerd3gal8t4hc2exd8z4ntvpyquwaf9l AGE-PLUGIN-OP-1Q9D7XC8RDFW0X3F9P7R9WGZDTST5V22CQUMUM3MK6VTKWKJ[...]
- Encrypt a file/stream for the recipient.
$ echo "Hello World" | age -r "age1op102xjaf99y9u69cf64cl8trptuenerd3gal8t4hc2exd8z4ntvpyquwaf9l" > secret.age
- Decrypt the file/stream using the
age-plugin-opplugin.$ age --decrypt -i age-identity.txt -o - secret.age Hello World`
Only RSA and ECD25519 keys are supported since these are the only types supported by 1Password.
This plugin is heavily inspired by the age-plugin-tpm plugin and age-plugin-se plugin. Some internal code from age was used directly.
Licensed under the MIT license. See LICENSE or http://opensource.org/licenses/MIT