Skip to main content

1Password SSH Agent Configuration

Based off of these instructions:
https://developer.1password.com/docs/ssh/agent/config/

Creating and populating the Config File

The SSH agent config file resides here:

%LOCALAPPDATA%/1Password/config/ssh/agent.toml

which translates on my system to be as follows - but please note, the config and ssh sub-directories may not already be created - in which case, you'd need to create them yourself first.  Similarly, you'd need to create the agent.toml file too. 

This can be done through the app itself:

  • Open and unlock 1Password for Windows and select any SSH key you want to add to the agent config file.
  • Click the three dotted menu at the top right corner of the 1Password app and select Configure for SSH agent.
  • Lock and unlock 1Password to apply the changes.
C:\Users\m.drake\AppData\Local\1Password\config\ssh>dir
 Volume in drive C has no label.
 Volume Serial Number is 68BD-ED4C

 Directory of C:\Users\m.drake\AppData\Local\1Password\config\ssh

11/04/2024  13:37    <DIR>          .
11/04/2024  13:37    <DIR>          ..
11/04/2024  13:38                99 agent.toml
               1 File(s)             99 bytes
               2 Dir(s)  863,233,310,720 bytes free

C:\Users\m.drake\AppData\Local\1Password\config\ssh>

To add identities to the agent, for example my personal SSH key:

[[ssh-keys]]
item = "Martyn's Personal SSH Key 2024"
vault = "Personal"
account = "Martyn Drake"

And we can add to that, for example, by adding work stuff (assuming you're sharing a work vault):

[[ssh-keys]]
item = "Martyn's Personal SSH Key 2024"
vault = "Personal"
account = "Martyn Drake"

[[ssh-keys]]
item = "Martyn Work SSH Key"
vault = "Private"
account = "The Widget Company Inc"

Adding the -A flag to the ssh command will forward those identities on the remote machine, if it's been configured to do so.

Back to top