New Category Suggestions

I'd like to register a few suggestions for new categories to be considered in future releases.

1. SSL/SSH Keys

It would be nice to for these to have fields for

  • public key (displayed in ASCII armor format)
  • private key (ASCII armor format when revealed)
  • a few other x509 attributes like expiration date, CN, issuer.
  • server name where private key is deployed
  • file system location where private key is deployed
  • role - such as serving TLS, signing tokens, etc.

2. API Keys

I'm thinking of fields like

  • key id
  • secret
  • API host/app for which the key/secret is valid
  • expiration, if any

3. Database Connections

This differs among DB vendors and even between different drivers for a particular vendor. For my present work environment, I'm interested in Oracle, SQLServer, MySQL, MariaDB, and MongoDB. I'm sure others have their own selections to work with. I'm thinking of fields like

  • connect string
  • uid
  • password
  • environment

That's all I have for now. I'm sure you've accumulated several of your own. Of course, we can make these ourselves by customizing a raw note. But it would be slick to have the categories and custom icons for them.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

«1

Comments

  • ag_anaag_ana

    Team Member
    edited March 2019

    Hi @pglezen!

    Thank you very much for taking time out of your day to to share this feedback! We appreciate every idea that could make 1Password even better.

    I can see how this could be useful to you, so while I cannot make any promises, I can tell you that I have shared your feedback internally :)

    Once again, thank you and have a wonderful day!

  • Hi @pglezen,

    databases actually exist as a category. I use it to store my Postgres credentials for work. But there could be more pre-existing fields specific to the different databases, but given how many variables there are I think the current category is more than enough since you can add custom fields.

  • ag_anaag_ana

    Team Member

    @peacekeeper is absolutely right! You can also add custom fields and sections to your items. So even if we don't have all the categories you would like, you can still tweak the existing ones so that they can fit your workflow.

  • Indeed, I noticed the database category over the weekend. I'm not sure how I missed it earlier. It's just what I was looking for. Thanks @peacekeeper for pointing this out and @ag_ana for forwarding the suggestion.

  • ag_anaag_ana

    Team Member

    @pglezen, you are very welcome!

    If you have any other questions or suggestions, please feel free to reach out anytime.

    Have a wonderful day :)

  • mickaelmickael
    edited April 2019

    SSH keys templates is definitely missing.

    The trouble is that custom fields seems to be limited to one line input entries, and SSH private key files needs multiline input.

    So that would be great to have both :dizzy:

    • a custom multiline field
    • a template for ssh key

    In a more general approach, you should have a look at what your competitors do, and create templates that could perfectly match what users have in their preceding software :) It will help a lot to migrate to 1password.

  • ag_anaag_ana

    Team Member

    Thank you for weighing in on this @mickael with both ideas!

  • brentybrenty

    Team Member

    @mickael: Just to clarify, there is nothing stopping you from creating an ad hoc "template" item that meets your needs and duplicating it for reuse, but also 1Password Business has a beta feature that supports custom templates as well. We're not going to create templates for every single use case ourselves though, as 1) we get requests for hundreds (if not thousands) of those, and 2) not everyone has the same idea of what a template for any given use case should consist of anyway. ;)

  • MrCMrC Community Moderator

    @mickael ,

    As a developer who has had to deal with the poor export formats of most password managers, I can tell you with certainty that custom templates are a double-edge sword. Users create them, and then when they abandon their password manager for another one, they are deeply distressed when their data gets poorly converted and put into a generic Notes category, or into a Notes section. This is common-place and I deal with this routinely.

    Customization is good, but it also does lock you in somewhat. It requires real effort to move on.

  • BenBen AWS Team

    Team Member

    I think that is a very valuable perspective @MrC. Thanks for sharing. :)

    Ben

  • @MrC Yeah, I know the nightmare to move from one password manager to another, and you're right that's really painful when the new one doesn't have the same templates as the old ;)

    @brenty You're right, custom fields may be sufficient for our use case.
    However, I didn't find a way to create a multiline custom field. As I spotted previously, private SSH keys needs a multiline input.

    Is it something planned ?

  • BenBen AWS Team

    Team Member

    Is it something planned ?

    Not currently, no. The built-in "notes" field is multi-line though.

    Ben

  • The multiline field is an excellent suggestion; +1 :wink:

    I know it's possible in notes, but I would like to hide the SSH keys by default (by marking them as a password?)

    Hm. Maybe I then also want a new field type "key"...

  • Small update on this, by using the CLI I successfully created my SSH Key template, it uses the default Server template, and I added fields for public/private key.
    Multiline fields can be created using the CLI:

                    "k": "string",
                    "a": {
                        "multiline": "yes"
                    },
                    "n": "private_key",
                    "v": self.privatekey,
                    "t": "Private Key"
    
  • @mickael Wow! I would like to do this as well, but I'm afraid I need more instructions...

    Can you please elaborate a bit more?

    (What cli commands are needed to achieve this? What does self.privatekey refer to?)

  • mickaelmickael
    edited April 2019

    @XIII Here is a script example:

    I updated the script because according to @cohix you have to generate field/sections UUID.

    #!/usr/bin/env bash
    set -e
    
    SESSION=$(op signin --output=raw)
    
    ENCODED_REQUEST=$( (cat <<EOF
    {
         "notesPlain": "You can add some notes if you want",
         "sections": [
             {
                 "title": "",
                 "name": "Section_UUIDWITH29CHARS",
                 "fields": [
                     {
                         "k": "concealed",
                         "n": "UUIDWITH26CHARS",
                         "v": "Put your pass phrase here",
                         "t": "Passphrase"
                     },
                     {
                         "k": "string",
                         "n": "UUIDWITH26CHARS",
                         "v": "Put your hostname here",
                         "t": "Hostname"
                     },
                     {
                         "k": "string",
                         "n": "UUIDWITH26CHARS",
                         "v": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDc0Fv29Ovq1Ft1ayBaIGbVoK3XZHaoMFNdeR16f3vm/vPZoH+hCJhibq0DMZTztRhOWoLtNBHiZDVPuQzH6WHqHaHPHzaVYXz1uUbewPvwGuIFa0VS6FlIoKpCNHkBEczPAGYUUDEy5pZxH4K4O/D7YbZzkB2iJF0JVv/j+LqL6tpstTiM84KI5og7ocIP9fwnV8lG/nLwGC4SMSUtnSgRr9SaKXBolNe/bm5o5K1w6dCr0UrSnjAsYLWmE2H8WN3rzX9RT/BjiwBmTgd+A+G8wFTqVYDNDHpUbLdWMGbcOvixHUQtqWb/F4a/Y7KvWGh3gWsxZGrpEwhrDvQC5031 [email protected]",
                         "t": "Public Key"
                     },
                     {
                         "k": "string",
                         "a": {
                             "multiline": "yes"
                         },
                         "n": "UUIDWITH26CHARS",
                         "v": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAQEA3NBb9vTr6tRbdWsgWiBm1aCt12R2qDBTXXkden975v7z2aB/oQiY\nYm6tAzGU87UYTlqC7TQR4mQ1T7kMx+lh6h2hzx82lWF89blG3sD78BriBWtFUuhZSKCqQj\nR5ARHMzwBmFFAxMuaWcR+CuDvw+2G2c5AdoiRdCVb/4/i6i+rabLU4jPOCiOaIO6HCD/X8\nJ1fJRv5y8BguEjElLZ0oEa/UmilwaJTXv25uaOStcOnQq9FK0p4wLGC1phNh/Fjd681/UU\n/wY4sAZk4HfgPhvMBU6lWAzQx6VGy3VjBm3Dr4sR1ELalm/xeGv2Oyr1hod4FrMWRq6RMI\naw70AudN9QAAA9AnU7y8J1O8vAAAAAdzc2gtcnNhAAABAQDc0Fv29Ovq1Ft1ayBaIGbVoK\n3XZHaoMFNdeR16f3vm/vPZoH+hCJhibq0DMZTztRhOWoLtNBHiZDVPuQzH6WHqHaHPHzaV\nYXz1uUbewPvwGuIFa0VS6FlIoKpCNHkBEczPAGYUUDEy5pZxH4K4O/D7YbZzkB2iJF0JVv\n/j+LqL6tpstTiM84KI5og7ocIP9fwnV8lG/nLwGC4SMSUtnSgRr9SaKXBolNe/bm5o5K1w\n6dCr0UrSnjAsYLWmE2H8WN3rzX9RT/BjiwBmTgd+A+G8wFTqVYDNDHpUbLdWMGbcOvixHU\nQtqWb/F4a/Y7KvWGh3gWsxZGrpEwhrDvQC5031AAAAAwEAAQAAAQAlZxG80h3ICDJ5wCyZ\nt5VTqETqEDVdJdppIePRZRi6twLdISedQlR1j+O0f8iIQ2ubkg9NWJ2S6IBzQZgdoLWaL2\nzCJbpcMUg2YyzS/INwV01jt5jlgz/kYnqUfkjk2nwDsECaPj8nLRHclYbR6C1Yl2ONTaMH\nXPt5YogzuGT43/1levkj542HGGnRa6mPjDiPGBO/bosPXTd/yxJ/sDIYZ74ZKWF2kGVgWq\n4S4DPQh+uW0iS1DBHjXS/MfDWLta1vsHzlYEnUF/ZsEtwcnP9e6ZfpWsUiWSFCo+2iA0uO\nyn8RlEA9qh8TAGsybuvQgtn065CUCa+NHak0UTaId2w9AAAAgQCKneRSxoaSCchZsI9Cfp\nsKl+LWSbft7bl+1/xi0i8Egvu8jp8scK3UbJ0nqtSVeMGzn6WyKI7SAnuyrMrJO8H/seBU\ntUzdKo1JQ1QYyVYEqae1cuYcZrj6i+x8kfSojuZzj/7gNJ9t2Q+BkQqRUdQZbbj196uauJ\nzo5QrG0nDsAgAAAIEA/pip6DKc7pE+WR8la1ei922SdPG4hb1v+QO1ZCTx4+qtO8hUET82\nTWvAyORggLGk0d5JwK1b7Z+bdAIR8tauLPqf2AajdM2Qg1jeYl1HHiKnXNHc/hfGpBhRDP\ngvruoKq7VDy69/4LztFRKHsdwR5XzWt5N51tEeoH60L0ABG6sAAACBAN4IA9+50Vg/YMQi\nm90Rh3rQT06UROChvEYBlELZhC7OnwIMlPKvGmtoaKlJbX1rrfdWSYoeOvlj82u2IaBoQw\nFwhdknFh7TZQqZmCLGulHp0ffpjIoP08NgTzk7On8HkKEzZWLFdVrgvqzsHOoH9FWlg3yI\niF8I6f+A7UdLPJzfAAAAFGhlbGxvLmZyb21AZnJhbmNlLmZyAQIDBAUG\n-----END OPENSSH PRIVATE KEY-----",
                         "t": "Private Key"
                     }
                 ]
             }
         ]
     }
    EOF
    ) | op encode)
    op create item Server ${ENCODED_REQUEST} --title="My SSH Key" --session=$SESSION --tags="Test SSH Key"
    

    And the result:

  • BenBen AWS Team

    Team Member

    @mickael

    That isn't a key that you're actually using, right? Just wanted to be sure. :)

    Ben

  • @Ben This is the key of my main server, why ? :p;)

  • BenBen AWS Team

    Team Member

    :tongue:

    Ben

  • Looks like I misunderstood when you said you created a template (I thought the result would be a new template in the GUI).

    Still pretty nice; I definitely need to experiment with this. Thank you for sharing!

  • BenBen AWS Team

    Team Member
    edited April 2019

    The items resulting from this particular example will be in the Servers category / template. :)

    From mickael:

    it uses the default Server template

    Ben

  • Tried it. Works great!

    Thanks again.

  • @Ben How can I remove my domain / secret key from the CLI after I'm done experimenting?

  • How can I remove my domain / secret key from the CLI after I'm done experimenting?

    Do I just remove ~/.op/config?

    (which stores the Secret Key as user readable text, but is permission-wise only readable for the current user)

  • Yeah, I guess this is the only way. If you remove the file, each signin will ask you each time for:

    • the subdomain
    • the secret key
    • the email
    • the password
  • BenBen AWS Team

    Team Member

    Correct.

    Ben

  • XIIIXIII
    edited December 2019

    I'm using the holidays to clean up my 1Password database and (finally) want to use this "template" to administer each SSH key pair in a single entry instead of multiple documents.

    While it seems to work, I notice that when I make both the private and the public key multiline concealed fields, only a single line will be displayed when pressing the "alt" key. Is this a bug of a feature?

    Additionally, when tapping that "alt" key multiple times the field name ("private key") of the second field is sometimes not displayed...

  • BenBen AWS Team

    Team Member

    As far as I'm aware editing of the built-in templates like this isn't a supported feature, so while this may technically be a bug (a behavior that was unintended), it isn't likely to be one that would receive much/any priority until/unless we were to begin working toward making the templates editable. I can double check with development if you like but I suspect they're more likely to say "let's fix the bug that allows for changing the template" vs "let's fix the glitch in the display when people use this unsupported feature." ;)

    Ben

  • I'd be happy to get templates as a personal (instead of corporate) customer, but since those are not available for us (yet?), I'm stuck with using this unsupported feature... So yes, please ask your developers (I might "win" something either way ;) )

    @mickael How does this work out for you so far? I was trying to copy the private key from 1Password on iOS into Blink or Prompt 2 and both rejected the key (or passphrase). Some further investigation revealed that newlines in the private key became spaces (maybe because I edited the entry after generating it from the command line?). Any tips on how to handle those?

  • @XIII Well, I use it on a daily basis through the op-tools helpers ssh-add and new-ssh-key available on github https://github.com/mickaelperrin/onepassword-tools. It works like a charm.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file