Support for local vaults?



  • sn0mansn0man
    edited January 2021

    Mike, I love this. I won't be shouting your plans from the rooftops, just quietly staying here in the forums and supporting the Pi-type plans. I mentioned, and I'll say again, if AB wanted to created a little Pinode for the home server instance I'd probably spend money on it. I get that you probably don't want to get into hardware sales directly as it might be a pain for legal, regulatory, support, liability, etc. Maybe partnering with a Pi-community or someone to help make it unofficial official.

    The world has been scary and sad of late, so happy to have you and others doing your work and our discussion today.

    Off to google 1P Emergency Kit PDF.

  • MikeTMikeT Agile Samurai

    Team Member
  • lumarellumarel
    edited January 2021

    It would actually be battle-tested already as it would replicate what we use for 1Password service already, just pushed down into a self-contained service that you can run locally. Plus it'd work out of the box with same 1Password apps (including 1Password beta for Linux here) that uses the same 1Password APIs which handles the syncing automatically because the local service is the oracle of truth (that tells 1Password how to sync in your network). The only difference is that you'd have to run backups on your own but that's not any different from what you'd have to do now with standalone vaults.

    Sounds like this moves into a direction, where we will get our own little 1Password cloud service :chuffed:
    I don't know... this just sounds so promising, that I'm really starting to look forward to this and even making plans to onboard even more people to 1P :) (didn't have the time to convince the family, beside the sceptical friends)

    And as I'm having troubles to move documents to local vaults again, this sounds even better, because this definitely won't happen if this is also the same cloud-like platform!

    Two more thoughts:

    • I hope the database which is linked to the stateless container, will be recoverable (I'm thinking about the problems in the Windows world where you have to recover a client (or even the Domain Controller) and suddenly it fell out of the domain because the trust isn't given anymore)
    • I would be really pleased if there is a ARM version (as the Pi's are ARM driven) that we would also get a x86 version, I think I would love to run this on my vSphere cluster :+1:

    Oh and it's so great to see you and your colleagues also being so passionate, this makes this thread even better! Everybody foreseeing kind of the same bright future :chuffed:

  • MikeTMikeT Agile Samurai

    Team Member

    Keep in mind that this is all still mostly theoretical, nothing is a sure thing but all of this is the desire we have right now as we continue to focus and evolve 1Password on Linux. Another hint of what the future may bring is in our recent interview here:

    These have been in production for the last few years and we’ve seen great success. So much so that we’re now in the midst of a complete rewrite of nearly our entire product lineup, and Rust is a major part of that story. We are using Rust to create a headless 1Password app that encompasses all of the business logic, cryptography, database access, server communication, and more wrapped in a thin UI layer that is native to the system on which we’re deploying.

  • I echo what Mike just said. I think our best bet is to wait with some patience and continue on our current versions before we proceed. Mike is providing us a bit of a peak under the covers at the new model year car before a reveal (so to speak) but nothing is in stone. I do not plan to advertise his conversations with us anywhere else in hopes that he is allowed a bit more leeway to provide a little inside baseball in the future.

  • MikeTMikeT Agile Samurai

    Team Member


  • Keep in mind that this is all still mostly theoretical, nothing is a sure thing but all of this is the desire we have right now as we continue to focus and evolve 1Password on Linux.

    Off course, off course!
    We will wait patiently until something has been announced (and if it is in multiple years in the future)

    And such theoretical discussions don't belong to the big public anyway :+1:
    Even promoting beta versions is kind of problematic, as there are too many people who understand this incorrectly.

  • BlakeBlake

    Team Member

    We appreciate the patience and understanding, truly 💙

  • @MikeT, Thank you for the detailed responses. I agree with @Sn0man 's comments that I hope you’re reading our desires in a positive and passionate 1Password advocate light, and the willingness to assist.

    We're talking about basically maintaining two different apps within the same interface (one example: one app uses a simple API to make a single item change quickly and another uses the local file system to replace an entire file to modify it)

    That does clarify the issue, thank you. And I agree with your statement that this forum and thread is more biased toward your power users.

    First, we have an option to block sending data to specific platforms already.

    I like this, and would be interested in getting the more granular information you mentioned. I use the same OS for a few different places, but I want to control which vaults can be accessed by device. Something I raised in a support ticket, is that I'd also like to be able to control by user on the device. I have a work around for that with the local storage, but it's definitely not ideal. I certainly take your critique that mac address can be spoofed, and that something more secure is needed.

    Just to clarify, the Docker solution if possible would just be all local. It would not be syncing anything to the cloud. If you want to include both in the same 1Password app, you can because you'd just enter the sign in address of the docker's instance and treat it like a second 1Password account, it's just local. This is why this docker idea is far more desirable for us.

    I was thinking that the docker container would be more like a separate vault. Can you clarify what you mean by a second account?

    Part of the reason I ended up checking on the linux beta was I ran into an issue where my main computer died (mac OS) and then took out my access to the local vaults. I have them backed up, but didn't have a way to access them.

  • MikeTMikeT Agile Samurai

    Team Member

    Hi @A10,

    You're welcome.

    I was thinking that the docker container would be more like a separate vault. Can you clarify what you mean by a second account?

    You can have multiple (and .ca/.eu) memberships, for an example; a lot of people have their own private 1Password account while also using a 1Password account from their work company (or another team like a sport team, club, and/or another family), they can sign in to any number of 1Password accounts in the same app. Each account have their own vaults, settings, permissions, and so on.

    Here's a screenshot of me signed in with two 1Password accounts, one called Item Editors and samurai is another testing account I use.

    Everything view is the union of both 1Password accounts in the same view.

    You could create a vault collection to show specific vaults from various 1Password accounts or just one like this:

    Does that help clarify why Docker/container is desirable and why it means we'd only have one app with a unified experience? It basically means you can treat the 1Password account from the container as a local account that you sign into the same 1Password app and the app wouldn't see any difference between them. The local account can have any number of vaults you want to keep local and other 1Password account you sign in can be hosted by us, your work company, and so on.

    Part of the reason I ended up checking on the linux beta was I ran into an issue where my main computer died (mac OS) and then took out my access to the local vaults. I have them backed up, but didn't have a way to access them.

    If you need it now, you can use a virtual machine (KVM is built-in for Linux) to run Windows and use our Windows app to access your standalone vaults.

    That's part of why we offer the 1Password memberships, folks don't want to worry about backups and need access to their data anywhere at any time. You can use web app, 1Password command line tool, 1Password in your browser, any apps we have available at the moment, which we're extending with Linux now and more in the future.

  • It is very enlightening to read through all your thoughts and Ideas. Gets me all excited about future feature possibilities.

    Encrypted Exports
    @dteare When you mentioned an encrypted format, are we talking about something different from the local vault filetype .opvault?

    Local vaults keep their own backups for the entire vault but they don't keep the entire history like what can be seen through the site unless those are back-up separately before they are removed. Is it possible to open a local vault as read only on a device?

    Vault Syncing Granularity
    @A10 excellent suggestion with selective vault syncing! Love the idea and I can think of a ton of use cases for this. Plus the granularity of "Don't show this on new devices until explicitly enabled." that @MikeT mentioned. I guess for all of this there'd need to be maybe some advanced feature toggle so it doesn't confuse most users to have too many options but satisfy those that do need them.

  • I don't have a horse in this race, but I want to say Kudos! to everyone involved. There has obviously been a lot of thought put into this thread, it is extremely admirable. Not to take away from the contributions of the users, but that 1P peeps have put so much into this is amazing. If only all developers/owners/founders/business folk did the same.

    Insert applause here.

  • dtearedteare Agile Founder

    Team Member

    Thank you so much for the kind words, @johann_koebbe. 🤗

    Regarding the encrypted exports, @MONKi1P, it will be a different format than what we used in opvault. These exports will have an accompanying command line tool that will allow you to decrypt these files so you'll always be able to access your data. As for the item history that you can view on, that will not be included. The export will include the information that's stored in the client's local cache.

  • edited February 2021

    Just read through this whole thread, pretty informative.

    Adding myself as a +1 for some kind of standalone/self hosted Linux solution that doesn't involve an external network. Been a user/supporter for well over a decade now and I recently set up 1Password on Linux for the first time and was disappointed to see I couldn't use my current sync solution, but such is life.

    Also not concerned with the financial aspect, happy to pay a monthly subscription, just want control over where/how I sync things.

  • @dteare ahhh yes a commandline tool, that's wonderful for future proofing!
    Could you clarify two aspects:
    (1) So currently the .opvault is being backed up and changes are preserved over versioned stored on the system, not on a per entry item bases like on, correct?
    (2) And the export is just another way of storing 1Password data in a safe and future proof way incase a rare dinosaur like extinction event befalls 1Password.

  • 1Password is very good software.
    But the lack of local password storage functionality on Linux (as it is on Windows and MacOS) forces to look for an alternative and migrate sooner or later ...

  • Yeah, if something doesn't happen soon I'm migrating to bitwarden, which we've just deployed at work after ruling out 1password, because of the lack of local vault storage.

    Honestly it's a pity, I'd rather stay with 1pass, but this lack of local vaults is hindering the acceptability of the software for many it seems.

  • With the latest news for 1Pass for Linux...

    Do we get local vaults yet? Or are we still the ugly stepchild that gets ignored?

  • dtearedteare Agile Founder

    Team Member

    It's great to hear you saw the news! Yes indeed, 1Password for Linux has officially launched! 🎉🥳🎊

    The launch was a huge success so you're right, now would be a great time to revisit this discussion. As described in my comment above it will be incredibly difficult to add support for local vaults as 1Password for Linux relies on the server to perform a lot of the heavy lifting. The most likely path towards a modern day version of local vaults would be self-hosting of the 1Password service.

    We've seen some excitement for self-hosting in this thread and a few others as well so there's definitely some interest in this idea. It's hard to gauge interest piecemeal like this, however, so I'd like to measure things more formally with a survey. I'm putting together a set of questions to see who wants this feature, how it will help them, and some detailed questions to help ensure we build the right thing if and when we decide to move forward on this.

    I'll update this thread with the survey once it's ready. I'm planning on using 1Password Secrets Automation to store survey responses directly within one of my vaults. I thought this would be a fabulous way to ensure we protect the privacy of people's information and their comments. It also gives me a great opportunity to geek out with our other big launch of this year. 🙂

    Take care,


  • Excellent work on the linux app and thank you, it is an amazing release. That being said, like some I cannot adopt it as my default pw manager without either local only vaults or the ability to choose sync location. Hopefully that will make it into a future release, I think that's a crucial feature these days.

  • dtearedteare Agile Founder

    Team Member

    Hello @vwest! Thank you for the kind words. 🤗 It's great to hear you excitement about 1Password for Linux! 😍

    I merged your question into this thread as I have a long winded response just above your comment that answers this in detail.

    Please give it a read to see where we're at and watch for an update from me in the future with details on the survey. In the meantime, however, I'd like to better understand the "or the ability to choose sync location" part of your question. How are you syncing today?

    Take care and enjoy the rest of your weekend. 👋


  • Please ensure the survey announcement is not just in this thread, but in the release notes at the time. I've missed a few of the previous surveys, due to not knowing they exist (until after they closed)

  • BlakeBlake

    Team Member

    Thanks for the heads-up @k4n30!

    We will make sure everyone is notified properly. We don't want to leave anyone out! 😊

  • dtearedteare Agile Founder

    Team Member
    edited June 2021

    Hello everyone, 👋

    Last week we announced early access for 1Password 8 on Windows and along with it we also completed setting up our self-hosting survey. For everyone who is using local/standalone vaults entirely within your network (i.e. no cloud based sync services like Dropbox or iCloud) and would like to self-host your very own 1Password service, please take this survey:

    Self-hosted 1Password kick-starter

    We'll be using this survey to gauge interest in this feature, as well as making sure we build the right solution in the event there is enough demand to move things forward.

    As for privacy, this survey is powered by 1Password Secret Automation. All data collected is stored within a special 1Password vault that will only be shared with myself and select 1Password employees. Your email will only be used for discussions around this feature.

    If self-hosting is something you're interested in, please complete the survey to let us know! 🤗


  • AxellAxell
    edited July 2021

    Hello everyone!!!
    So, can i assume, that the option of cases is fully implemented in 1password???
    And i can save my passwords in offline mode (offline vault) with offline database on my PC.
    And there is no any sync with cloud vaults?
    The option is: 1password\New case on this PC.

  • dtearedteare Agile Founder

    Team Member

    Hello @Axell, 👋

    By "cases" I'm assuming you mean vaults, the main "encrypted container" that items are kept within. To clarify, in 1Password 7 we had two types of vaults: vaults used with the service and what we called "local vaults" or "standalone vaults" which were synced however you decided to, typically Dropbox or iCloud.

    Assuming we're talking about the same feature, then the answer is no, they are not implemented as the new releases do not have support for local/standalone vaults and 1Password 7 will be the last version to support them. The new apps rely on the server to perform a lot of the heavy lifting so we will not be adding support for local vaults as they existed in earlier versions.

    With that said, there is a possibility that we can achieve the same goals in a different way. A new, modern day equivalent of local vaults would be self-hosting of the 1Password service. We've seen some excitement in this thread for this feature and so we created a survey to better understand people's needs and desires for such a service. If this sounds like something you'd be interested in, please take the survey:

    Self-hosted 1Password kick-starter

    The hope of the survey is to help gauge demand to help us decide if this is something we should build and to help us ensure we do things in a way people will like if we decide to move forward here.

    I hope that helps. Please let me know,


  • I like the local idea. What if there was an encrypted (user-held keys) backup that replicated to the cloud?

  • Membership is the way forward with 1Password. There is just so much more that we can offer there than with standalone vaults synced with 3rd party services

    1Password user since 2008 here, diligently buying every upgrade. I ran into this thread on Hacker News and feel inspired to say that I find this consistent take from 1P and its employees to be so intellectually dishonest that it makes me more likely to switch products.

    Something like, "Membership is the way forward with 1Password. It is a larger and more-predictable revenue stream for us, which is important as we are an ever-growing business that wants to maintain margins as we continue to add features." I would receive so much better than a clearly bogus claim that there is "more to offer" because of simple and long-solved data sync.

  • I don't expect a company trying to make money to allow this... But I would love the self-hosted option.

  • BenBen AWS Team

    Team Member

    Hi @laynesadler

    I like the local idea. What if there was an encrypted (user-held keys) backup that replicated to the cloud?

    That isn't entirely far from what happens now. There is an encrypted cache on every device you're signed in from. Changes are made to that local cache then synced with the service. That way you are able to work offline. Is that what you're looking for?


    I would love the self-hosted option.

    Great! Have you completed the survey?


Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file