Streamlining Devcontainer Workflow: SSH Authentication and Key Signing with 1Password
Effortlessly Integrating Advanced SSH Techniques into Your Development Environment
I’m going to keep it a buck fifty with y’all: I had this problem, wrote a lil markdown file with bullet points about how I solved it, and fed it to ChatGPT to fill in the post. It even came up with this horrible and verbose title. What’s wild to me is that it messed up the numbers and skipped step 3. Counting is hard for everybody.
I didn’t want to write a whole blog post, but I felt like I needed to post it because this issue was really annoying to figure out but super cool once it’s working. I probably spent more time with that “featured image” edit than I did the post. I love AI. Now for the robot talk.
As a Windows user utilizing Docker Desktop, 1Password, and VSCode devcontainers, I’ve encountered a frustrating problem: I wanted to start a container with VSCode and use my SSH key stored in 1Password automatically, without having to add it to the
~/.ssh/ folder every time (it also enables commit signing, but the robot forgot to say that). In this blog post, I'll guide you through the steps to achieve this seamlessly.
Step 1: Configure SSH Key
Firstly, create an SSH key in 1Password. This key will be used later in the process.
Then, add this SSH key as a signing key to your GitHub account. Note that an authentication key and signing key are different things. Click the dropdown for “Key type” and set “Signing Key” as shown in the screenshot attached.
Step 2: 1Password SSH Agent
1Password includes an SSH agent within their client. To enable it, navigate to
1Password --> Settings --> Developer and check the "Use the SSH agent" option.
It actually didn’t start the first time I ran it. Unclicking the checkbox and checking it again will restart the service. You can validate it’s working by opening PowerShell and running
ssh-add -l. If nothing comes up after you've created the key or an error pops up, then you have an issue with the service.
Step 4: Add Configuration to .gitconfig
.gitconfig file. It's important to note that setting a profile
.gitconfig will automatically copy that configuration to your devcontainer. However, you will need to delete the
[gpg "ssh"] section because the devcontainer won't have access to the file path of that binary.
Also, ensure your VSCode is configured correctly to copy the
.gitconfig. This might be a default setting in newer VSCode versions, but it's worth checking.
Step 5: VSCode SSH Agent Forwarding
This process should be configured automatically. If you have an SSH agent running on your host machine, it will automatically be forwarded to your devcontainer. You can verify this by running
codespace ➜ /workspaces/intel-go (master) $ echo $SSH_AUTH_SOCK
Step 6: Testing
Here’s my config for
RUN apt-get update \
&& apt-get install -y sudo \
&& echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \
&& chmod 0440 /etc/sudoers.d/$USERNAME
# Rest of config goes here...
It’s essential to use a non-root user in your devcontainer (like
codespace) with the
universal package. This is because a
~/.gitconfig will automatically be created if you're using the root user.
Finally, open the devcontainer, check for
.gitconfig, ensuring the options from 1Password are enabled. Then, try to commit inside the devcontainer session to see if authentication works and the commit is signed. A commit that shows up as signed will have the "Verified" badge.
This setup streamlines the integration of 1Password’s SSH keys with Docker and VSCode, making the developer’s workflow much more efficient.