DEV Community: Jason Harris

Join the 1Password Hackathon hosted by Hashnode and compete for $10,000 in prizes

Jason Harris — Thu, 01 Jun 2023 22:13:07 +0000

We love hackathons. In fact, that’s where the idea for 1Password came from – with all-night coding sessions that demanded credentials throughout the process.

Hackathons are high-energy, creative marathons that serve as a playground for innovation and collaboration, and often result in exciting projects that are a joy to deliver. That’s why we’re excited to announce the first virtual 1Password Hackathon hosted by Hashnode.

Taking place June 1st through June 30th, participants will compete for a chance to win $10,000 in cash prizes by building with 1Password Developer Tools and Passage by 1Password.

As much fun as in-person hackathons are, we’re also big fans of virtual ones that are global in scope and inclusive of all skill levels. If you’re a developer looking to sharpen your skills, network with like-minded individuals, and craft something extraordinary, the Hashnode Hackathon should be on your list. There are 10,000 reasons why – and utilizing 1Password Developer Tools and Passage can make your experience even better.

Your mission – and the tools in your toolbelt

1Password Developer Tools brings the speed and security of biometrics to your dev workflows. Passage unlocks passwordless sign-in – powered by passkeys – for your users. Hackathon participants will receive two free months of 1Password and 1Password Developer Tools, including Shell Plugins and 1Password CLI for new customers. For Passage, the free tier will suffice for hackathon purposes.

Let’s talk details. For the hackathon event, we’re challenging you to build with or on top of these tools:

Passage by 1Password: The easiest way to implement passkey authentication in your app or website.
1Password Shell Plugins: Eliminate API access keys stored on disc and securely authenticate any CLI with your fingerprint, Apple Watch, or other biometrics.
1Password CLI: Automate administrative tasks, securely provision secrets across development environments, and use biometrics to authenticate in the terminal.

What are 1Password Developer Tools?

1Password is a password management platform used extensively in the developer community, in part because of features designed specifically for developers.

With 1Password Developer Tools, you can securely store passwords, API keys, and other secrets, then access them in your code or easily share with your team members. This not only makes your project more secure but also simplifies collaboration.

What is Passage by 1Password?

Passage allows you to implement seamless passwordless authentication in your app or website with just a few lines of code. Eliminate passwords for good with Passkey Complete, a standalone solution that defaults to passkeys with fallbacks to other passwordless methods. Or use Passkey Flex to add support for passkeys alongside your existing password-based auth flow. Passage takes care of authentication so you can focus on the core logic of your hackathon project.

During the June Hackathon, we invite you to show off your skills and submit a project that expands Passage by integrating it with other platforms, like Supabase. Or, you could build one that shows a creative way Passage can be used to streamline sign-in for your application or service.

Want to really impress the judges? Make your project multi-platform and show how Passage works across systems and devices.

Examples from the community

1Password wouldn’t be 1Password without the developer community. In fact, more than half of our published Shell Plugins have been written by the community!

We’ve seen some amazing projects and integrations built on the 1Password CLI, including the VS Code integration and a community-written JetBrains integration. And we can’t wait to see what Hackathon participants build to extend Passage to new frameworks and platforms. If you’re looking for inspiration, we’d love to see more integrations like the newly published Supabase package.

And for even more projects contributed by the community, see the 1Password Community Showcase.

To get started, register to participate with Hashnode. You’ll receive an email containing a coupon code and instructions to redeem your two free months of 1Password for new customers.

Get support from the 1Password community

Need some guidance to help you get started – or to stay on track? We’re here to help.

Chat with other devs in our Developer Slack community and on the Hashnode Discord.
Set up a pair programming session with our engineers. To request a session, see the instructions in the Discord channel.
We’ll have two live events in June including the Hashnode Workshop with demos and Q&A on June 7th and a Community Office Hour on June 23rd.

Good luck to all participants!

This hackathon is an exciting community project and we look forward to meeting and learning from you! We’ll be watching all the action on Discord, our Developer Slack, and GitHub. Please be sure to use #Buildwith1Password so we can help spread the word and profile your work!

Let’s get hacking!

Please note, this hackathon is a Hashnode contest and terms and conditions apply. You can find all applicable details on the contest website.

Unlock any CLI using biometrics with 1Password Shell Plugins

Jason Harris — Wed, 07 Dec 2022 17:49:08 +0000

I love Touch ID. When I use it to log in to a site or authorize a purchase, authentication just kind of happens. It doesn’t feel futuristic anymore, but it does feel like the present. It’s the modern computing experience.

Then I open my terminal, and I'm transported right back to the past. Why can't devs have that modern experience?

I know I'm not alone. When we introduced Touch ID support for 1Password CLI 2.0, one of the most frequent pieces of feedback we heard was: Can we have touch ID for all CLIs?

So, about that.

Introducing 1Password Shell Plugins

We use CLIs to perform quick actions from the comfort of our terminals and automate recurring tasks. You might use the GitLab CLI to submit your code in a merge request, so the team can review it and include it in the next release, for example. Many other developer platforms like AWS, Stripe, Sentry, and CircleCI offer CLIs as well.

Connecting a CLI to your online account often involves generating API access keys in a browser, then pasting those values into the terminal. Those credentials are usually saved in a plaintext config file that gives the CLI persistent access to your account, even after reboots. But if an attacker or process gains access to your system, they have the same level of access to your account that you do.

We built 1Password Shell Plugins so you can securely store all of your access keys in encrypted 1Password vaults, rather than on disk. When you use a Shell Plugin for a particular service, access to the associated API keys is restricted to your specific terminal session.

Because they're saved in 1Password, you can securely sign in to any CLI with your fingerprint or another form of biometrics. If the service supports it, MFA codes can be filled automatically – so there’s no need to pull out your phone multiple times every day.

In fact, there’s no need to type anything. No plaintext, no typing passwords, no hassle – you can stay in the zone and focus on the task at hand.

Extensibility built in

We’ve already built Shell Plugins for many popular CLIs, including:

GitLab
CircleCI
Amazon Web Services
Sentry (Get $240 in Sentry credits with code “1Password”)
Stripe
Twilio
GitHub

There are many more pre-built integrations, but you’re not limited to the ones we built. You can build your own, for any CLI.

Shell Plugins are fully extensible and aren’t restricted to specific services. If you don't see an integration you need, you can join the open source project (currently in beta) and contribute your own.

Want to add MFA support to an existing Shell Plugin? You can do that too.

Many of our users rely on GitLab to shorten code review cycles, increase their developer productivity and strengthen overall security at every step. 1Password’s latest rollout is an important development in that last bucket. Launching Shell Plugins will help ensure developers can access our tools in their terminals as quickly and securely as possible. – Kai Armstrong, senior product manager, GitLab

Your keys, but portable

Storing your keys in 1Password means you can use them everywhere. If you switch to a different machine, system, or environment, the process is exactly the same.

Just install and configure Shell Plugins on your machine, then use biometrics to grant access to your key in 1Password. If the plugin supports MFA, you can use 1Password to autofill the codes.

This all makes setup, developer onboarding, and collaboration simpler. If new teammates are in the relevant group in 1Password, they already have the permissions they need to access the shared credentials and contribute immediately. All they have to do is install the 1Password CLI and the appropriate Shell Plugins.

How Shell Plugins work

Once you've set up 1Password CLI, you can install a supported Shell Plugin with a single command. For example, to install the plugin for GitLab, you would run:

op plugin init glab

During the configuration process, you can import existing credentials from your config file or create new credentials in 1Password.

At this point, your credentials are safely stored in 1Password, so you can remove them from your disk.

Check out the developer docs to learn more about Shell Plugins.

Introducing CI/CD integrations

One more thing. When you’re setting up a CI/CD workflow, you often need to manually enter secrets by visiting the settings page of the tool you’re using. But now you can store those secrets in 1Password, too.

You can access them directly within your CI/CD tools – and reference their location in 1Password directly within the job that requires them – via new integrations for:

Again, feel free to jump into the documentation to get started.

Securing the software development life cycle

Our goal is to bring this same level of security and ease of use to the entire software development life cycle. My colleague, Marc Mackenbach, has written about how far the developer user experience has to go before it catches up with the consumer experience in terms of both security and UX.

We're working on that. Check out 1Password.com/developers for a quick overview of everything we’re building to secure developer workflows. In the meantime, feel free to start exploring the Shell Plugins documentation.

And maybe keep your phone in your pocket. You won’t need it nearly as often anymore. 😉

1Password for SSH changed the way I work

Jason Harris — Mon, 09 May 2022 17:12:06 +0000

1Password for SSH was shared with the world last month. I have been using it since it was available for internal beta. I knew it would improve my endpoint security. I didn’t expect it to change ~~the way I generated, stored and used SSH keys~~ the way I work.

Let me take a step back.

The first time I used SSH, I connected my college’s global lab linux server with PuTTY. I used a username and password to authenticate and never really appreciated the magic that made it all work. It was a step away from the familiar world of FTP and RDP.

SSH later became an integral part of my developer experience when my job switched from Subversion to Git. I was a Jr. Developer at the time and struggled to generate an SSH key. Another developer on the team generated an RSA key pair for me and shared it on a thumb drive. It was some years later before I realized this was less than ideal.

Eventually, I fell into a routine. I would get a new laptop, generate a private key – sometimes I would even use a passphrase – and upload the new key to all the services I used (GitHub, VPS, etc.). I used the one-key-per-device pattern and repeated the process for my phone and other devices. Occasionally, I’d pull a device from cold storage for something I forgot about.

The problem was that each SSH key represented one of my devices; it had no purpose attached to it. I used the same keys for work, open source contributions, file servers and a lot more. When I unlocked a key for one use, I unlocked it for all uses.

1Password for SSH has entered the chat

The 1Password SSH Agent has a stricter authorization model than the OpenSSH Agent[1] defaults[2]. Instead of a key either being available or unavailable, a key has an authorized session. An authorized session consists of the key pair and either a terminal session or application. I wanted to be able to deliberately authorize a set of actions for my current context (e.g., work or open source).

Thus, a new way of working.

I generated a new key pair for each of my use cases. 1Password in the browser made this really easy by autofilling the new key in the GitHub and Gitlab public key forms. Now, when it’s time to get to work, I open my terminal and run a git fetch. 1Password prompts for my fingerprint and I approve the usage of my Work SSH key.

I’m not prompted again while actively using my laptop. When it’s time to switch to an open source project, I’m seamlessly prompted for my GitHub key.

A little later, when I need to update my blog, I pop open a new terminal tab and start an SSH session. I forward my SSH Agent with ssh -A so that I can perform a git pull while I’m there[3]. When I’m done, I exit the terminal session, deauthorizing it from the 1Password SSH Agent.

Now, generating SSH keys is no longer part of my new device flow! All of my SSH keys are saved in 1Password and synchronized across my devices.

I’m really excited for Git’s recent addition of commit signing with SSH keys. It already works with 1Password SSH and I can’t wait for GitHub and Gitlab to support verification!

[1] SSH agent restriction looks really cool! ↩︎

[2] Similar functionality is available with ssh-add -c. ↩︎

[3] Eventually I’ll get around setting up a GitHub Action. At least, that’s what I tell myself. ↩︎

This post originally written by K.J. Valincik, Senior Staff Developer at 1Password.