Here’s how to set up Proton Pass CLI with SSH agent functionality on Windows ( Prerequisites ):
1. Install Proton Pass CLI
Open PowerShell as Administrator and run:
# If script execution is restricted, enable it first:
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope LocalMachine
# Install Proton Pass CLI
Invoke-WebRequest -Uri https://proton.me/download/pass-cli/install.ps1 -OutFile install.ps1; .\install.ps1
# Verify installation
pass-cli.exe --version2. Log In
pass-cli.exe login3. Store SSH Keys in Proton Pass
Generate a New SSH Key
pass-cli.exe item create ssh-key generate `
--vault-name "Personal" `
--title "My SSH Key"
Import an Existing SSH Keyor import an existing key
pass-cli.exe item create ssh-key import `
--from-private-key C:\Users\YourUser\.ssh\id_ed25519 `
--vault-name "Personal" `
--title "My Existing Key"4. Use Proton Pass as SSH Agent
Load Keys into Windows OpenSSH Agent. This works with native Windows OpenSSH, PowerShell, CMD, VS Code, and most Windows applications.
# Run as Administrator
# Step 1: Enable and start the Windows OpenSSH Agent service:
Get-Service ssh-agent | Set-Service -StartupType Automatic
Start-Service ssh-agent
# Step 2: Load your Proton Pass SSH keys into it:
pass-cli.exe ssh-agent load
# Or from a specific vault:
# pass-cli.exe ssh-agent load --vault-name MySshKeysVault
# Step 3: Verify keys are loaded:
ssh-add -l5. Make It Persistent
using a scheduled task
Create a scheduled task to load keys at login (requires you to be logged in to pass-cli):
- Open Task Scheduler
- Create a new task that runs at user logon
- Action: Start a program
- Program: pass-cli.exe
- Arguments: ssh-agent load
Or using your PowerShell profile ($PROFILE):
# Auto-load Proton Pass SSH keys (requires you to be logged in to pass-cli)
pass-cli.exe ssh-agent load 2>$null