1Password: Difference between revisions

(15 intermediate revisions by 10 users not shown)

Line 1:

= ~~Using 1Password on~~ NixOS =

[https://1password.com/ 1Password] is a password manager.

If you're using NixOS, you can enable 1Password and its GUI by:

== NixOS ==

=== Installation ===

If you're using [[NixOS]], you can enable 1Password and its GUI with:

{{file|/etc/nixos/configuration.nix|nix|<nowiki>

{ config, lib, pkgs, ... }:

Line 23:

Line 28:

</nowiki>}}

~~== Unlocking Browser Extensions ==~~

The 1Password app can unlock your browser extension using a special NativeMessaging process. This streamlines your 1Password experience: Once you unlock 1Password from your tray icon, your browser extensions will be unlocked as well.

This is automatically configured for Firefox, Chrome, and Brave browsers. However, Vivaldi and other custom Chrome-based browsers may not unlock when you unlock 1Password. If you find this to be the case, the solution is to set the <code>/etc/1password/custom_allowed_browsers</code> file as follows:

=== Unlocking browser extensions ===

{{warning|1=This only works for browsers that are installed via [[NixOS]]. Browsers installed via [[Flatpak]] are not supported.}}

The 1Password app can unlock your browser extension using a special [https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Native_messaging native messaging] process. This streamlines your 1Password experience: Once you unlock 1Password from your tray icon, your browser extensions will be unlocked as well.

This is automatically configured for [[Firefox]], [[Chrome]], and [[Brave]] browsers. However, [[Vivaldi]] and other custom Chrome-based browsers may not unlock when you unlock 1Password. If you find this to be the case, the solution is to set the <code>/etc/1password/custom_allowed_browsers</code> file as follows:

* First, use <code>ps aux</code> to find the application name for the browser. For Vivaldi, this is <code>vivaldi-bin</code>

* Add that binary name to <code>/etc/1password/custom_allowed_browsers</code>

* Add that binary name to <code>/etc/1password/custom_allowed_browsers</code>:

Line 44:

Line 53:

</syntaxhighlight>

=== Unlocking with System Authentication ===

1Password allows [https://support.1password.com/system-authentication-linux/ unlocking with system authentication]. This means fingerprints or login passwords may be used in addition to the master password. This must be enabled under the Security preferences tab of 1Password as outlined in the 1Password documentation, but also requires a few other system tools to work.

For the graphical authentication prompt to work, a user [[Polkit#Authentication_agents|Polkit authentication agent]] must be started. The authentication agent may automatically be started under Gnome, KDE, or other DE at login, but may need to be explicitly enabled for other window managers.

For fingerprint unlocking to work, [[Fingerprint scanner|fingerprint scanning]] to be enabled and allowed for typical system authentication.

== Home Manager ==

{{warning|1=Non-[[NixOS]] installs [https://www.1password.community/discussions/1password/sandboxed-application-cant-communicate-with-browser-extension/91984/replies/92015 will not link with browser extensions or system authentication] }}

=== Installation ===

Add the following to your [[Home Manager]] configuration:

home.packages = [

pkgs._1password

pkgs._1password-gui

];

</syntaxhighlight>

=== SSH key management ===

1Password [https://developer.1password.com/docs/ssh/ can manage SSH keys].

== ~~1Password,~~ SSH ~~keys and Home Manager~~ ==

==== Configuring SSH ====

If 1Password manages your SSH keys and you use [~~https://nix-community.github.io/home-manager/index.xhtml~~ Home Manager], you may also configure your <code>~/.ssh/config</code> file using Nix:

If 1Password manages your [[SSH]] keys and you use [[Home Manager]], you may also configure your <code>~/.ssh/config</code> file using Nix:

{{note|In order to start the 1Password SSH agent, you must open the 1Password settings, go to the Developer section and check the checkbox "Use the SSH agent".}}

Line 58:

Line 95:

extraConfig = ''

Host *

~~IdentitiesOnly=yes~~

IdentityAgent ${onePassPath}

'';

Line 65:

Line 101:

</syntaxhighlight>

= ~~On non~~-~~NixOS installs (TODO)~~ =

==== Configuring Git ====

You can enable [[Git]]'s [[SSH]] signing with [[Home Manager]]:

{

programs.git = {

enable = true;

extraConfig = {

gpg = {

format = "ssh";

};

"gpg \"ssh\"" = {

program = "${lib.getExe' pkgs._1password-gui "op-ssh-sign"}";

};

commit = {

gpgsign = true;

};

user = {

signingKey = "...";

};

}

</syntaxhighlight>

[[Category:Applications]]

@@ Line 1: / Line 1: @@
-= Using 1Password on NixOS =
+[https://1password.com/ 1Password] is a password manager.
-If you're using NixOS, you can enable 1Password and its GUI by:
+== NixOS ==
+=== Installation ===
+If you're using [[NixOS]], you can enable 1Password and its GUI with:
 {{file|/etc/nixos/configuration.nix|nix|<nowiki>
 { config, lib, pkgs, ... }:
@@ Line 23: / Line 28: @@
 </nowiki>}}
-== Unlocking Browser Extensions ==
-The 1Password app can unlock your browser extension using a special NativeMessaging process.  This streamlines your 1Password experience:  Once you unlock 1Password from your tray icon, your browser extensions will be unlocked as well.
-This is automatically configured for Firefox, Chrome, and Brave browsers.  However, Vivaldi and other custom Chrome-based browsers may not unlock when you unlock 1Password.  If you find this to be the case, the solution is to set the  <code>/etc/1password/custom_allowed_browsers</code> file as follows:
+=== Unlocking browser extensions ===
+{{warning|1=This only works for browsers that are installed via [[NixOS]]. Browsers installed via [[Flatpak]] are not supported.}}
+The 1Password app can unlock your browser extension using a special [https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Native_messaging native messaging] process.  This streamlines your 1Password experience: Once you unlock 1Password from your tray icon, your browser extensions will be unlocked as well.
+This is automatically configured for [[Firefox]], [[Chrome]], and [[Brave]] browsers.  However, [[Vivaldi]] and other custom Chrome-based browsers may not unlock when you unlock 1Password.  If you find this to be the case, the solution is to set the  <code>/etc/1password/custom_allowed_browsers</code> file as follows:
 * First, use <code>ps aux</code> to find the application name for the browser.  For Vivaldi, this is <code>vivaldi-bin</code>
-* Add that binary name to <code>/etc/1password/custom_allowed_browsers</code>
+* Add that binary name to <code>/etc/1password/custom_allowed_browsers</code>:
 <syntaxhighlight lang="nix">
@@ Line 44: / Line 53: @@
 </syntaxhighlight>
+=== Unlocking with System Authentication ===
+Password allows [https://support.1password.com/system-authentication-linux/ unlocking with system authentication]. This means fingerprints or login passwords may be used in addition to the master password. This must be enabled under the Security preferences tab of 1Password as outlined in the 1Password documentation, but also requires a few other system tools to work.
+For the graphical authentication prompt to work, a user [[Polkit#Authentication_agents|Polkit authentication agent]] must be started. The authentication agent may automatically be started under Gnome, KDE, or other DE at login, but may need to be explicitly enabled for other window managers.
+For fingerprint unlocking to work, [[Fingerprint scanner|fingerprint scanning]] to be enabled and allowed for typical system authentication.
+== Home Manager ==
+{{warning|1=Non-[[NixOS]] installs [https://www.1password.community/discussions/1password/sandboxed-application-cant-communicate-with-browser-extension/91984/replies/92015 will not link with browser extensions or system authentication] }}
+=== Installation ===
+Add the following to your [[Home Manager]] configuration:
+<syntaxhighlight lang="nix">
+  home.packages = [
+    pkgs._1password
+    pkgs._1password-gui
+  ];
+</syntaxhighlight>
+=== SSH key management ===
+Password [https://developer.1password.com/docs/ssh/ can manage SSH keys].
-== 1Password, SSH keys and Home Manager ==
+==== Configuring SSH ====
-If 1Password manages your SSH keys and you use [https://nix-community.github.io/home-manager/index.xhtml Home Manager], you may also configure your <code>~/.ssh/config</code> file using Nix:
+If 1Password manages your [[SSH]] keys and you use [[Home Manager]], you may also configure your <code>~/.ssh/config</code> file using Nix:
+{{note|In order to start the 1Password SSH agent, you must open the 1Password settings, go to the Developer section and check the checkbox "Use the SSH agent".}}
 <syntaxhighlight lang="nix">
@@ Line 58: / Line 95: @@
      extraConfig = ''
        Host *
-          IdentitiesOnly=yes
            IdentityAgent ${onePassPath}
      '';
@@ Line 65: / Line 101: @@
 </syntaxhighlight>
-= On non-NixOS installs (TODO) =
+==== Configuring Git ====
+You can enable [[Git]]'s [[SSH]] signing with [[Home Manager]]:
+<syntaxhighlight lang="nix">
+{
+  programs.git = {
+    enable = true;
+    extraConfig = {
+      gpg = {
+        format = "ssh";
+      };
+      "gpg \"ssh\"" = {
+        program = "${lib.getExe' pkgs._1password-gui "op-ssh-sign"}";
+      };
+      commit = {
+        gpgsign = true;
+      };
+      user = {
+        signingKey = "...";
+      };
+    };
+  };
+}
+</syntaxhighlight>
+[[Category:Applications]]