How to configure 1Password SSH Key and automatically sign your commits on GitHub?

  1. First, generate an SSH key using 1Password and save it in a Vault. Optionally, you can add your existing keys manually.

  2. In 1Password, go to Settings -> Developer and check the "Use the SSH agent" box.

  3. Create the allowed-signers file. Sublime Merge complains if it can't find this file and shows all commits as invalid.

    mkdir -p /home/$(whoami)/config/git/
    touch /home/$(whoami)/config/git/allowed-signers

  4. Update your local Git configuration, ~/.gitconfig:

    [gpg]
        format = ssh
    [gpg "ssh"]
        program = /opt/1Password/op-ssh-sign
        allowedSignersFile = /home/user/config/git/allowed-signers
    [commit]
        gpgsign = true
    [user]
        signingKey = ssh-ed25519 pubkey
        name = Your name
    [init]
        defaultBranch = main

  5. Update your local SSH configuration, ~/.ssh/config, to use 1Password's SSH agent for all hosts:

    Host *
        IdentityAgent ~/.1password/agent.sock

  6. Finally, add your public key to your GitHub account under Settings -> SSH and GPG keys -> Signing keys.

1Password will pop up to authorize the use of your private key. If you generated your private key in the app, it is never saved on the computer.
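
The allowed-signers file from step 3 is created empty, and Git can only map a signature to an identity when the signer's public key is listed in it. The following is an added example, not part of the original page: a hypothetical helper, add_signer, that appends one entry in the format documented under ALLOWED SIGNERS in ssh-keygen(1). It assumes the e-mail address is used as the principal and restricts the key to the "git" signature namespace.

```shell
#!/bin/sh
# Added example: maintain the allowed-signers file referenced by
# gpg.ssh.allowedSignersFile. add_signer is a hypothetical helper name.

# add_signer FILE EMAIL "PUBLIC KEY LINE"
# Appends "<email> namespaces="git" <keytype> <base64-key>", the entry
# format described under ALLOWED SIGNERS in ssh-keygen(1).
add_signer() {
    file=$1 email=$2 pubkey=$3

    # The principal is the identity Git reports for the signer (by
    # convention the e-mail address); it must be one non-empty token.
    case $email in
        ''|*[[:space:]]*) echo "invalid principal" >&2; return 1 ;;
    esac

    # A public key line is "type base64 [comment]"; the comment is dropped.
    read -r keytype keydata comment <<EOF
$pubkey
EOF

    # Accept only public key types, so private key material pasted by
    # mistake is rejected instead of written to disk.
    case $keytype in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        sk-ssh-ed25519@openssh.com|sk-ecdsa-sha2-nistp256@openssh.com) ;;
        *) echo "unsupported key type: $keytype" >&2; return 1 ;;
    esac
    [ -n "$keydata" ] || { echo "missing key data" >&2; return 1; }

    entry="$email namespaces=\"git\" $keytype $keydata"
    mkdir -p "$(dirname "$file")"
    touch "$file"
    # Idempotent: append only if this exact line is not already present.
    grep -qxF -- "$entry" "$file" || printf '%s\n' "$entry" >> "$file"
}

# Usage with the paths from the steps above:
#   add_signer "/home/$(whoami)/config/git/allowed-signers" \
#       "$(git config user.email)" "$(git config user.signingkey)"
#   git log --show-signature -1
```

After adding the entry, `git log --show-signature -1` on a signed commit shows the principal that matched the signing key.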

More information on how to sign commits with an SSH key:

https://developer.1password.com/docs/ssh/git-commit-signing/