Manage SSH keys stored in 1Password. Trigger this skill when the user wants to create SSH keys, add keys to remote servers, configure the 1Password SSH agent, set up git commit signing, add SSH keys to GitHub, troubleshoot SSH auth, or manage ~/.ssh/config or agent.toml. Also use when the user mentions SSH, key management, ssh-copy-id, IdentityAgent, git signing, or "add my key to a server" — even if they don't mention 1Password.
From 1passwordnpx claudepluginhub brightops-ai/brightopsai-plugins-official --plugin 1passwordThis skill uses the workspace's default tool permissions.
Provides demand forecasting, safety stock optimization, replenishment planning, and promotional lift estimation for multi-location retailers managing 300-800 SKUs.
Creates consistent pitch decks, one-pagers, investor memos, financial models, accelerator apps, and fundraising materials from a single source of truth.
Provides expertise on electricity/gas procurement, tariff optimization, demand charge management, renewable PPA evaluation, hedging, load profiling, and multi-facility energy strategies.
All SSH keys are stored exclusively in 1Password. Private keys never exist on disk. The 1Password SSH agent handles all SSH authentication via biometric approval (Touch ID).
SSH_AUTH_SOCK~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock~/.1password/agent.sock~/.config/1Password/ssh/agent.toml — controls which keys the agent offers~/.ssh/config — sets IdentityAgent globally to the 1Password socketop item create --category "SSH Key" --title "<KEY-NAME>" --vault "agentic_ai" --ssh-generate-key ed25519
op item get "<KEY-NAME>" --vault agentic_ai --field "public key"
Add an entry to ~/.config/1Password/ssh/agent.toml:
[[ssh-keys]]
item = "<KEY-NAME>"
vault = "agentic_ai"
Changes take effect immediately — no restart needed. Verify with ssh-add -l.
op item get "<KEY-NAME>" --vault agentic_ai --field "public key" > ~/.ssh/<KEY-NAME>.pub
chmod 600 ~/.ssh/<KEY-NAME>.pub
ssh-copy-id -f -i ~/.ssh/<KEY-NAME>.pub user@host
export GH_TOKEN="$(op read 'op://agentic_ai/GitHub Token/token')"
gh ssh-key add ~/.ssh/<KEY-NAME>.pub --title "<KEY-NAME>" --type authentication
gh ssh-key add ~/.ssh/<KEY-NAME>.pub --title "<KEY-NAME>-signing" --type signing
Git is configured globally to sign with SSH via 1Password:
gpg.format = sshgpg.ssh.program = /Applications/1Password.app/Contents/MacOS/op-ssh-signcommit.gpgsign = true, tag.gpgsign = true~/.ssh/allowed_signersTo add a new signing key to allowed_signers:
PUBLIC_KEY=$(op item get "<KEY-NAME>" --vault agentic_ai --field "public key")
echo "email@example.com $PUBLIC_KEY" >> ~/.ssh/allowed_signers
IdentityFile in ~/.ssh/config pointing to .pub files — it
causes "invalid format" errors. The 1Password agent offers keys automatically.IdentityFile/IdentitiesOnly if using agent.toml to limit keys
per host.Private must be explicitly added to agent.toml to
be served by the agent.op CLI flag is --categories "SSH Key" (plural), not --category.ssh-add -l shows nothing, check that the 1Password app is unlocked and
the key is listed in agent.toml.