How to configure 1Password SSH Key and automatically sign your commits on GitHub?

  1. First generate ssh key using 1Password and save it in Vault. Optionally you can add your existing keys manually.

  2. On 1Password Settings -> Developer check Use the SSH agent box.

  3. Create allowed-signers file, Sublime Merge complains if it can't find this file and shows all commits as invalid.

mkdir -p /home/$(whoami)/config/git/
touch /home/$(whoami)/config/git/allowed-signers
mkdir -p /home/$(whoami)/config/git/
touch /home/$(whoami)/config/git/allowed-signers
  1. Update your local git configuration ~/.gitconfig 
[gpg]
    format = ssh
[gpg "ssh"]
    program = /opt/1Password/op-ssh-sign
    allowedSignersFile = /home/user/config/git/allowed-signers
[commit]
    gpgsign = true
[user]
    signingKey = ssh-ed25519 pubkey
    name = Your name
    email = [email protected]
[init]
    defaultBranch = main
[gpg]
    format = ssh
[gpg "ssh"]
    program = /opt/1Password/op-ssh-sign
    allowedSignersFile = /home/user/config/git/allowed-signers
[commit]
    gpgsign = true
[user]
    signingKey = ssh-ed25519 pubkey
    name = Your name
    email = [email protected]
[init]
    defaultBranch = main
  1. Update local SSH configuration to use 1Password's SSH agent for all hosts ~/.ssh/config 
Host *
        IdentityAgent ~/.1password/agent.sock
Host *
        IdentityAgent ~/.1password/agent.sock
  1. Finally Add your public key to your GitHub account Settings -> SSH and GPG keys -> Signing keys

1Password will pop-up to authorize the use of your private key and if you generated your private key in the app it is never saved on the computer.

More information how to sign commits with SSH key:

https://developer.1password.com/docs/ssh/git-commit-signing/