I recently had to set up a new Mac for programming. I took the opportunity to do what a colleague suggested a long time ago: ditch gpg, gpg-agent, and such in favor of 1Password. This setup is much simpler and I believe more secure than what I was doing before.
Creating an SSH key for authentication in 1Password and connecting it to Git
- Enable the 1Password SSH Agent. In 1Password go to Settings > Developer. There you'll find an option to enable the agent.
- In 1Password, click "New Item" > "SSH Key". In there you can either paste your current key or create a new one by clicking "Add Private Key". If it's a new key remember to add it to https://github.com/settings/keys or wherever your git provider configures them.
- Edit your ~/.ssh/config, append lines similar to the following, and remove any line related to your git provider (e.g. github):

      Host *
        IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"

- That's it. Try using Git now and it should authenticate using the 1Password agent. It might ask you for your password or biometric authentication.
Creating an SSH key for commit signing
If your git provider supports it (GitHub, GitLab and Bitbucket should support it, not sure about the others), signing commits with an SSH key instead of GPG is much less painful in my experience.
Here are the steps:
- If you haven't done it already, enable the 1Password SSH Agent. In 1Password go to Settings > Developer. There you'll find an option to enable the agent.
- In 1Password, click "New Item" > "SSH Key". In there you can either paste your current key or create a new one by clicking "Add Private Key". If it's a new key remember to add it to https://github.com/settings/keys (in the signing section!) or wherever your git provider configures them.
- Go to your key in 1Password, and click the three vertical dots (the ones that usually mean "more options"). You should see "Configure Git Commit Signing". Follow the instructions there to set up the signing key.
- Done. Now every time you sign a commit, it should use your SSH key.
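
A read-only check of the result of both procedures above, as an added example that is not part of the original post or of 1Password's tooling: it confirms that an SSH config routes through the 1Password agent socket with no leftover provider lines, and that a git config file has SSH signing switched on. The function names are hypothetical, and the keys checked (gpg.format, user.signingkey, commit.gpgsign) are git's standard signing options, assumed here to be what the "Configure Git Commit Signing" dialog writes.

```shell
#!/bin/sh
# Added example: read-only audit of the two files this setup touches.
# File paths are arguments so the checks can be run against copies.

# check_ssh_config FILE [PROVIDER]
# 0 = IdentityAgent points at a 1Password socket and no provider lines remain
# 1 = no such IdentityAgent line
# 2 = a Host/HostName line for PROVIDER is still present
check_ssh_config() {
    file=$1
    provider=${2:-github.com}
    grep -Eiq '^[[:space:]]*IdentityAgent[[:space:]=]+.*1password.*agent\.sock' "$file" || return 1
    if grep -Ei '^[[:space:]]*Host(Name)?[[:space:]=]' "$file" | grep -Fiq "$provider"; then
        return 2
    fi
    return 0
}

# git_value FILE SECTION KEY: print the last value of KEY inside [SECTION].
# Minimal reader for plain sections such as [gpg], [user] and [commit];
# a subsection like [gpg "ssh"] is deliberately not treated as [gpg].
git_value() {
    awk -v want="[$2]" -v key="$3" '
        /^[ \t]*\[/ { sec = tolower($0); gsub(/[ \t]/, "", sec); next }
        sec == want && index($0, "=") {
            k = tolower(substr($0, 1, index($0, "=") - 1)); gsub(/[ \t]/, "", k)
            v = substr($0, index($0, "=") + 1)
            sub(/^[ \t]+/, "", v); sub(/[ \t\r]+$/, "", v)
            if (k == key) last = v
        }
        END { print last }' "$1"
}

# check_git_signing FILE
# 0 = SSH signing is on for every commit
# 1 = gpg.format is not "ssh" (git would fall back to GPG)
# 2 = user.signingkey is empty
# 3 = commit.gpgsign is not "true" (assumes you want every commit signed)
check_git_signing() {
    [ "$(git_value "$1" gpg format)" = ssh ] || return 1
    [ -n "$(git_value "$1" user signingkey)" ] || return 2
    [ "$(git_value "$1" commit gpgsign)" = true ] || return 3
    return 0
}
```

Source the file, then run `check_ssh_config ~/.ssh/config` and `check_git_signing ~/.gitconfig` and inspect `$?`.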
Disclaimer
I have no affiliations with 1Password. I just happen to be using their product and I think this is a really well engineered feature.