1Password launched Developer Tools - a set of features created to help developers easily and securely generate, manage and access secrets within development workflows, starting with Git. Developer Tools will help simplify complex processes and improve security practices to ensure data is protected, without slowing down the development pipeline. It will also provide developers with secure access to the secrets they need wherever they are, regardless of the device they are using. 

"Developers encounter a lot of complexity when building and deploying secure software, and it can often seem like security and convenience are irreconcilable," said Akshay Bhargava, Chief Product Officer and GM of Emerging Solutions at 1Password. "1Password Developer Tools aims to make their lives easier by making complex security processes more convenient, and making doing the secure thing, the easy thing."

Findings from our ‘Hiding in Plain Sight' research report found that one in four (25%) employees at IT/DevOps companies have secrets in ten or more different locations and have shared them with colleagues via insecure channels, such as email and Slack. Additionally, 61% of projects are delayed due to poor secret management, and one in three (36%) IT/DevOps workers say they will share secrets over insecure channels to increase productivity and speed.

Cutting corners for the sake of efficiency can be tempting, but doing so can expose individuals and businesses to potential security breaches. In addition to protecting personal passwords and information, Developer Tools will enhance developer productivity, enabling quick generation of SSH keys, seamless access to data via the command line interface (CLI) using biometric authentication and secure secrets management in one app. 1Password customers who tested these features during beta had positive feedback to share:

• "All the hassle of exchanging keys on different machines, adding and removing keys from the agent, entering passphrases from keys, is now just one biometric authentication. This is the way SSH should be, awesome!" - Marcel Kersten, Software Developer at ComLine GmbH
• "The new 1Password CLI allowed our web development team to save time synchronizing passwords and API keys in a much more secure manner than previously possible. I'd strongly recommend any web development team look into using the 1Password CLI tools to boost security and efficiency." - Craig Haseler, Project Manager at TechSource
• "SSH key management is the 1Password feature I've been asking for for years! Thank you team!" - Christina Warren, Senior Cloud Advocate
  

SSH Key Management

Developers can generate, store and use SSH keys with just a few clicks. To help avoid errors, 1Password for the browser will autofill their public keys into popular sites, including GitHub, GitLab, BitBucket and Digital Ocean. Then, with a built-in SSH agent, users can push code to GitHub and authenticate other SSH workflows in a terminal by simply scanning their fingerprint, increasing security with less effort. Developers no longer need to remember or type key passphrases, manually copy keys to new devices, or store files on their disk, thereby avoiding weak encryption of SSH keys and other security risks. 

CLI 2.0 with Biometric Unlock

With a revamped CLI (including improved syntax) and new biometric unlock capabilities, developers can quickly manage secrets, provision users or automate workflows in a terminal without switching from their development tools or manually typing passwords. Developer Tools also simplifies key management with CLI inject and run commands, allowing developers to code with secret references that are substituted for actual API keys from their vault at runtime. 

Secrets Management

Instead of hardcoding secrets or storing them in unsecure plaintext, configuration files or spreadsheets, developers can manage and access their secrets in one place within their preferred tools and workflows. Storing secrets in encrypted vaults, and as one of several default item types - including API credential, AWS account, database, server, or SSH key - will help prevent breaches caused by leaked secrets. Developer Tools also facilitates collaboration by providing secure access to secrets across a team. For organizations looking to automate infrastructure secrets, these tools continue to build on Secrets Automation.