With a recent change to pricing for 1Password I’ve finally made the decision to migrate over to Proton Pass. It’s already included in my Proton Duo subscription and Proton Pass has made strides with its features since launch.

Most of it was straightforward, import, verify, done. Three caveats though:

1. The import did not bring across any passkeys and I had to set them up again. Proton Pass did helpfully show me which of my credentials could use passkeys though.
2. Proton Pass’s Linux desktop app does not support system authentication. It shows up in the UI but some digging through the app showed that it’s currently not implemented.
3. Replacing 1Password’s SSH agent is possible but comes with trade-offs. That’s what most of this post is about.

The 1Password SSH agent experience

1Password has first-class SSH agent support on Linux. It exposes a socket at ~/.1password/agent.sock, you configure which vaults it serves keys from via ~/.config/1Password/ssh/agent.toml, and SSH clients point at that socket via IdentityAgent. Git commit signing is done with a dedicated binary, op-ssh-sign, as the gpg.ssh.program.

Recently I noticed that my volume was at 100% after rebooting my desktop NixOS machine. My audio setup runs through a Schiit Fulla DAC over USB, nothing exotic, just a clean external DAC for headphones. I could turn the volume down during a session and it would stay put, but the next reboot it was back at full blast. It wasn’t anything big but it was annoying enough to actually dig into.

On a Sunday morning I sat down to start playing a Steam game via Proton on my Framework 13 laptop. Upon booting into the game I noticed that the cursor tracked perfectly, moving exactly where I expected it to, but clicks never registered. I could hover over a button in the game, click, and nothing would happen.

I hadn’t used the laptop for gaming in a long while, the Steam Deck had mostly taken over that role, but I had a hankering for a more mouse-driven game and the Framework 13 has plenty of power for these cases.