whatisgithub

What is 1key?

anomalroil/1key — explained in plain English

Analysis updated 2026-07-09 · repo last pushed 2019-05-17

2GoAudience · ops devopsComplexity · 3/5DormantSetup · moderate

In one sentence

A proof-of-concept tool that derives multiple SSH keys from a single master key using elliptic curve cryptography, so you manage one key instead of dozens. Built for a conference talk, not production use.

Mindmap

mindmap
  root((repo))
    What it does
      Derives SSH keys
      One master key
      Child keys on demand
    How it works
      Elliptic curve crypto
      Secret phrase input
      Master key protected
    Use cases
      Multiple environments
      Staging and production
      Client infrastructure
    Audience
      Security developers
      Sysadmins
    Maturity
      Proof of concept
      Conference talk demo
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Derive separate SSH keys for staging, production, and client environments from one master key.

USE CASE 2

Share child public keys with teammates without exposing your master private key.

USE CASE 3

Generate matching child private keys later using the secret phrase used during derivation.

What is it built with?

GoSSHElliptic Curve Cryptography

How does it compare?

anomalroil/1keydanterolle/loqiiwetan77/flume
Stars222
LanguageGoGoGo
Last pushed2019-05-17
MaintenanceDormant
Setup difficultymoderatemoderatemoderate
Complexity3/52/54/5
Audienceops devopsdeveloperdeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · moderate Time to first run · 30min

Requires generating a master SSH key and providing a secret phrase of 33+ random characters, plus understanding the derivation workflow.

So what is it?

1key is a proof-of-concept tool that lets you generate multiple SSH keys from a single master key. Instead of creating and managing separate keys for every server or environment, you keep one key and derive "child" keys from it as needed. The master key itself never gets exposed to your system's SSH agent, which adds a layer of protection. Under the hood, it uses elliptic curve cryptography. The core idea is mathematical: when you combine your master key with a random value derived from a secret phrase, you get a new, valid key. Someone who only has your public key can also derive child public keys, and you can later generate the matching private keys if you know the random value used. This lets you share derivations without handing over your master key. The tool is aimed at security-conscious developers and sysadmins who juggle many SSH connections. For example, if you want different keys for staging, production, and a client's infrastructure, you can derive all of them from one master rather than storing a dozen separate key files. You provide a secret phrase (ideally 33+ random characters), and the tool handles the math. The project is explicitly a proof of concept tied to a conference talk, so it's not a polished product. The README notes some rough edges, like the SSH connection feature being a simple wrapper that may be removed, and a todo list that includes better memory protection for the master key. It's an interesting demonstration of the concept rather than something you'd want to rely on for critical infrastructure today.

Copy-paste prompts

Prompt 1
How do I set up a master SSH key and derive child keys from it using the 1key tool in Go?
Prompt 2
How does 1key use elliptic curve cryptography to derive child SSH keys from a single master key without exposing it to the SSH agent?
Prompt 3
Can you explain the workflow for generating a child public key that a teammate can use, and then later deriving the matching private key in 1key?

Frequently asked questions

What is 1key?

A proof-of-concept tool that derives multiple SSH keys from a single master key using elliptic curve cryptography, so you manage one key instead of dozens. Built for a conference talk, not production use.

What language is 1key written in?

Mainly Go. The stack also includes Go, SSH, Elliptic Curve Cryptography.

Is 1key actively maintained?

Dormant — no commits in 2+ years (last push 2019-05-17).

How hard is 1key to set up?

Setup difficulty is rated moderate, with roughly 30min to a first successful run.

Who is 1key for?

Mainly ops devops.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.