by yabones 1579 days ago
Other commenters have mentioned sync, which is absolutely nice, but one other advantage is shared keys.

Obviously it's not ideal to share SSH keys, but lots of teams will share the default EC2 keypair for example. This makes it much easier to pop that key into 1Pass, share it with the team, and easily get everyone into the box.

And, frankly, the 1Password GUI is much more user-friendly than other SSH agents. Personally, I'll stick with the tried and true OpenSSH agent, but I know many will be attracted by this feature.

3 comments

Point of order: afaict currently keys can be put in a shared vault but only keys in a private vault can be accessed by the agent. So the workflow would be everyone copies the shared keys into their private vault.
> Other commenters have mentioned sync

Isn't this an anti-feature? The ability to revoke an SSH key specific to a stolen laptop from a server or your Github account seems like a benefit. Using the same SSH key on every machine is a downgrade.

On the other hand, the ability to manage access to shared keys is really nice.

I guess rotating one key is easier though. Just update in 1psw and done.
But why are you "rotating" keys? Most of the reasons people give involve unnecessary exposure of the private key material, which is exactly what you're encouraging by having 1password keep these keys instead of them living on individual hardware.
Well, keys are also shared via chat or emails, and people exit the company. Sure, taking out one key is more precise, but rotating all is probably easier.
You may notice they aren't called "Fun size sharing keys" or "Family pack keys" but instead "Private keys" because of that word "Private".

You don't need to wait for people to "exit the company". Sharing private keys was wrong; invalidate those keys. If somebody else knows your private key, it isn't private any more. Get this stuff right and rotating keys is unnecessary; get it wrong and rotating keys can't help you.

Presumably if the laptop is stolen, the key isn’t exposed because it’s in 1Password, and the attacker doesn’t have your master password?
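The revocation argument above (one key per device, so a stolen laptop can be cut off without touching anyone else) is easy to see against an authorized_keys file. This is an added illustration, not code from the thread or from 1Password; the key blobs, the user@device comment convention and the "team-ec2-default" shared entry are all constructed for the demo.

```python
import base64
import hashlib

def fingerprint(blob_b64: str) -> str:
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob (as ssh-keygen -lf prints)."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_authorized_keys(text: str):
    """Yield (keytype, blob, comment) per key line, tolerating a leading options field."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        idx = next((i for i, p in enumerate(parts)
                    if p.startswith(("ssh-", "ecdsa-", "sk-"))), None)
        if idx is None or idx + 1 >= len(parts):
            continue  # not a key line
        yield parts[idx], parts[idx + 1], " ".join(parts[idx + 2:])

def revoke(text: str, fp: str):
    """Drop every entry whose fingerprint is fp; return (new_text, comments_of_removed_keys)."""
    kept, removed = [], []
    for line in text.splitlines():
        entry = next(parse_authorized_keys(line), None)
        if entry is not None and fingerprint(entry[1]) == fp:
            removed.append(entry[2])
        else:
            kept.append(line)  # other keys, blanks and comments survive untouched
    return "\n".join(kept) + "\n", removed

def unattributed(text: str):
    """Keys whose comment names no person and device (assumed user@device convention)."""
    return [c for _, _, c in parse_authorized_keys(text) if "@" not in c]

def _demo_blob(seed: int) -> str:
    # Constructed ed25519 wire-format blob with dummy key bytes; not a real key.
    body = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + bytes([seed]) * 32
    return base64.b64encode(body).decode()

# Constructed authorized_keys: one key per device plus one team-shared key.
SAMPLE = "\n".join([
    "# managed by example",
    f"ssh-ed25519 {_demo_blob(1)} alice@laptop",
    f"ssh-ed25519 {_demo_blob(2)} alice@desktop",
    f'from="10.0.0.0/8" ssh-ed25519 {_demo_blob(3)} bob@laptop',
    f"ssh-ed25519 {_demo_blob(4)} team-ec2-default",
]) + "\n"

if __name__ == "__main__":
    stolen = fingerprint(_demo_blob(1))   # alice's laptop key, read off the stolen device's inventory
    new_text, gone = revoke(SAMPLE, stolen)
    print("revoked:", gone)               # only alice@laptop loses access
    print("shared/unattributed keys to replace:", unattributed(SAMPLE))
```

Revoking the team-shared entry the same way would cut off everyone who holds it, which is the thread's point about per-device keys being the only granular option.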
Has anyone compared the new 1Password GUI for SSH keys to the Userify one, especially for a team? The Userify one is only for SSH keys, but it seems great for safely managing public keys and leaving the private keys safe on our dev laptops (you can put in more than one key, so a user can just disable one key at a time, and then it also has a great feature of actually killing all remote sessions when you remove the user account across all the servers -- haven't seen anything else that can do that). The UI is perhaps a bit simplistic, but it seems to do the job.