Skip to main content
To confirm the authenticity of 1Password CLI, the tool and all its updates are digitally signed and offered exclusively by 1Password. Always get updates directly from 1Password, and always check to make sure that you have the latest version.

ZIP file

To confirm that the contents of the 1Password CLI ZIP file are authentic, unzip the file, then run the following command in the unzipped folder:
gpg --keyserver keyserver.ubuntu.com --receive-keys 3FEF9748469ADBE15DA7CA80AC2D62742012EA22
gpg --verify op.sig op

Package file

To confirm the 1Password CLI installer file is authentic, you can verify the digital signature before installation.
  1. Open the 1Password CLI installer. If you see “This package will run a program to determine if the software can be installed”, select Continue. This will not begin the installation.
  2. Select the lock icon in the top right corner of the installer window. If you don’t see the lock icon, the package is unsigned, and you shouldn’t install it.
  3. Select Developer ID Installer: AgileBits Inc. (2BUA8C4S2C). If you see a different developer ID, or the certificate doesn’t have a green checkmark indicating that it’s valid, don’t install the package.
  4. Select the triangle next to Details and scroll down.
  5. Make sure that the SHA-256 fingerprint in the installer matches one of the following fingerprints. If they match, the signature is verified. Select OK and continue installation.
The 1Password CLI installer window showing the developer ID and fingerprints.
HashFingerprint
SHA‑256CA B5 78 06 1B 02 09 FB 70 93 4D A3 44 EF 6F EB CD 32 79 B1 C0 74 C5 4B 0D 7D 55 57 43 B9 D8 9F
SHA‑25614 1D D8 7B 2B 23 12 11 F1 44 08 49 79 80 07 DF 62 1D E6 EB 3D AB 98 5B C9 64 EE 97 04 C4 A1 C1
The installer automatically verifies the files in the package. If any file has an issue, installation stops without changes to your system, and you’ll see a message that the installer encountered an error.