Metadata-Version: 2.1
Name: op-askpass
Version: 0.0.10
Summary: Add password-protected ssh keys promptless using 1Password.
Home-page: https://gitlab.com/maciej.gol/op-askpass
Author: Maciej Gol
Author-email: 1kroolik1@gmail.com
License: BSD-3-Clause
Platform: UNKNOWN
Classifier: Programming Language :: Python :: 3
Classifier: License :: OSI Approved :: BSD License
Classifier: Operating System :: Unix
Classifier: Environment :: Console
Classifier: Typing :: Typed
Requires-Python: >=3.6
Description-Content-Type: text/markdown
Requires-Dist: click
Requires-Dist: requests
Requires-Dist: dataclasses ; python_version < "3.7"
Provides-Extra: dev
Requires-Dist: pytest ; extra == 'dev'
Requires-Dist: black ; extra == 'dev'
Requires-Dist: wheel ; extra == 'dev'
Requires-Dist: pytest-mockito ; extra == 'dev'

# op-askpass

Load password-protected ssh keys to your agent without prompts using 1Password.

Currently tested on Ubuntu only.

## Getting started

```bash
$ pip install op-askpass
# This installs 1Password cli locally.
$ op-askpass setup-op-client my.1password.com my_username@gmail.com
$ op-askpass add-key ~/.ssh/id_rsa "my 1Password item name"
# This fetches the password from 1Password and calls ssh-add.
$ op-askpass login my
```

If your operating system (like Ubuntu 18) automatically adds ssh keys but does not
unlock them, use `op-askpass login my --no-skip-existing` to force-unlock the keys.

If your system does not have the `gpg` binary needed to verify the signature of the `op` client, pass
`--no-verify` to `op-askpass setup-op-client` to skip verification. The downloaded
`op` binary is then installed without its signature being checked.

## Details

`op-askpass` stores a small configuration file and the 1Password CLI, called `op`,
in your `$HOME/.op-askpass` directory.

The configuration file contains a mapping from ssh key fingerprint to key path
and 1Password item name. The key path is needed for loading the key when
calling `op-askpass login`. The item name is used to look up the password, which is
supplied in place of the prompt.

Underneath, `op-askpass` uses the `SSH_ASKPASS` command to override the passphrase prompt and
provide the password from 1Password instead. The only prompt is shown during
`op-askpass login`, to retrieve a 30-minute session key.
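
The `SSH_ASKPASS` hand-off described above, as an added example that is not op-askpass's own code: `ssh-add` runs a helper program and reads the passphrase from its stdout. The names `write_askpass_helper`, `askpass_env`, `add_key` and the `fetch_cmd` stand-in for the 1Password lookup are hypothetical, and `SSH_ASKPASS_REQUIRE` assumes OpenSSH 8.4 or later.

```python
import os
import shlex
import subprocess
import tempfile
from pathlib import Path


def write_askpass_helper(directory: Path, fetch_cmd: list) -> Path:
    """Create an owner-only script that prints the passphrase on stdout."""
    # fetch_cmd: hypothetical stand-in for the 1Password lookup, run on each call.
    helper = directory / "askpass.sh"
    body = "#!/bin/sh\n" + " ".join(shlex.quote(a) for a in fetch_cmd) + "\n"
    # O_EXCL fails instead of reusing a file someone else planted at this path.
    fd = os.open(helper, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o700)
    with os.fdopen(fd, "w") as fh:
        os.fchmod(fh.fileno(), 0o700)  # exact mode, whatever the umask is
        fh.write(body)
    return helper


def askpass_env(helper: Path, base=None) -> dict:
    """Environment that makes ssh-add ask the helper instead of a terminal."""
    env = dict(os.environ if base is None else base)
    env["SSH_ASKPASS"] = str(helper)
    # OpenSSH 8.4 and later: use the helper even if a terminal is available.
    env["SSH_ASKPASS_REQUIRE"] = "force"
    # Older OpenSSH consults SSH_ASKPASS only when DISPLAY is set.
    env.setdefault("DISPLAY", ":0")
    return env


def add_key(key_path: str, helper: Path) -> int:
    """Run ssh-add detached from the terminal so the helper is consulted."""
    proc = subprocess.run(
        ["ssh-add", key_path],
        env=askpass_env(helper),
        stdin=subprocess.DEVNULL,  # nothing to read a passphrase from
        start_new_session=True,  # setsid(): no controlling terminal
    )
    return proc.returncode


def demo_helper_output() -> str:
    """Run the helper as ssh-add would, with a constructed passphrase."""
    with tempfile.TemporaryDirectory() as tmp:  # directory mode is 0700
        cmd = ["printf", "%s\\n", "constructed-passphrase"]
        helper = write_askpass_helper(Path(tmp), cmd)
        out = subprocess.run([str(helper)], stdout=subprocess.PIPE, check=True)
        return out.stdout.decode()
```

The passphrase never appears on the `ssh-add` command line or in the helper file; only a user who can execute the helper and reach the secret store can obtain it.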

You can list the keys added to `op-askpass` using the `list-keys` command, and delete the ones
you no longer need with `op-askpass delete-key <path_to_key>`.


### 1Password integration

For regular, non-company users the 1Password domain is `my.1password.com`. For
company users it is usually `company.1password.com`.

Currently, only `password` 1Password items are supported.


