Support for local vaults?



  • sn0mansn0man
    edited January 19

    Mike, I love this. I won't be shouting your plans from the rooftops, just quietly staying here in the forums and supporting the Pi-type plans. I mentioned, and I'll say again, if AB wanted to created a little Pinode for the home server instance I'd probably spend money on it. I get that you probably don't want to get into hardware sales directly as it might be a pain for legal, regulatory, support, liability, etc. Maybe partnering with a Pi-community or someone to help make it unofficial official.

    The world has been scary and sad of late, so happy to have you and others doing your work and our discussion today.

    Off to google 1P Emergency Kit PDF.

  • MikeTMikeT Agile Samurai

    Team Member
  • lumarellumarel
    edited January 20

    It would actually be battle-tested already as it would replicate what we use for 1Password service already, just pushed down into a self-contained service that you can run locally. Plus it'd work out of the box with same 1Password apps (including 1Password beta for Linux here) that uses the same 1Password APIs which handles the syncing automatically because the local service is the oracle of truth (that tells 1Password how to sync in your network). The only difference is that you'd have to run backups on your own but that's not any different from what you'd have to do now with standalone vaults.

    Sounds like this moves into a direction, where we will get our own little 1Password cloud service :chuffed:
    I don't know... this just sounds so promising, that I'm really starting to look forward to this and even making plans to onboard even more people to 1P :) (didn't have the time to convince the family, beside the sceptical friends)

    And as I'm having troubles to move documents to local vaults again, this sounds even better, because this definitely won't happen if this is also the same cloud-like platform!

    Two more thoughts:

    • I hope the database which is linked to the stateless container, will be recoverable (I'm thinking about the problems in the Windows world where you have to recover a client (or even the Domain Controller) and suddenly it fell out of the domain because the trust isn't given anymore)
    • I would be really pleased if there is a ARM version (as the Pi's are ARM driven) that we would also get a x86 version, I think I would love to run this on my vSphere cluster :+1:

    Oh and it's so great to see you and your colleagues also being so passionate, this makes this thread even better! Everybody foreseeing kind of the same bright future :chuffed:

  • MikeTMikeT Agile Samurai

    Team Member

    Keep in mind that this is all still mostly theoretical, nothing is a sure thing but all of this is the desire we have right now as we continue to focus and evolve 1Password on Linux. Another hint of what the future may bring is in our recent interview here:

    These have been in production for the last few years and we’ve seen great success. So much so that we’re now in the midst of a complete rewrite of nearly our entire product lineup, and Rust is a major part of that story. We are using Rust to create a headless 1Password app that encompasses all of the business logic, cryptography, database access, server communication, and more wrapped in a thin UI layer that is native to the system on which we’re deploying.

  • I echo what Mike just said. I think our best bet is to wait with some patience and continue on our current versions before we proceed. Mike is providing us a bit of a peak under the covers at the new model year car before a reveal (so to speak) but nothing is in stone. I do not plan to advertise his conversations with us anywhere else in hopes that he is allowed a bit more leeway to provide a little inside baseball in the future.

  • MikeTMikeT Agile Samurai

    Team Member


  • Keep in mind that this is all still mostly theoretical, nothing is a sure thing but all of this is the desire we have right now as we continue to focus and evolve 1Password on Linux.

    Off course, off course!
    We will wait patiently until something has been announced (and if it is in multiple years in the future)

    And such theoretical discussions don't belong to the big public anyway :+1:
    Even promoting beta versions is kind of problematic, as there are too many people who understand this incorrectly.

  • BlakeBlake

    Team Member

    We appreciate the patience and understanding, truly 💙

  • @MikeT, Thank you for the detailed responses. I agree with @Sn0man 's comments that I hope you’re reading our desires in a positive and passionate 1Password advocate light, and the willingness to assist.

    We're talking about basically maintaining two different apps within the same interface (one example: one app uses a simple API to make a single item change quickly and another uses the local file system to replace an entire file to modify it)

    That does clarify the issue, thank you. And I agree with your statement that this forum and thread is more biased toward your power users.

    First, we have an option to block sending data to specific platforms already.

    I like this, and would be interested in getting the more granular information you mentioned. I use the same OS for a few different places, but I want to control which vaults can be accessed by device. Something I raised in a support ticket, is that I'd also like to be able to control by user on the device. I have a work around for that with the local storage, but it's definitely not ideal. I certainly take your critique that mac address can be spoofed, and that something more secure is needed.

    Just to clarify, the Docker solution if possible would just be all local. It would not be syncing anything to the cloud. If you want to include both in the same 1Password app, you can because you'd just enter the sign in address of the docker's instance and treat it like a second 1Password account, it's just local. This is why this docker idea is far more desirable for us.

    I was thinking that the docker container would be more like a separate vault. Can you clarify what you mean by a second account?

    Part of the reason I ended up checking on the linux beta was I ran into an issue where my main computer died (mac OS) and then took out my access to the local vaults. I have them backed up, but didn't have a way to access them.

  • MikeTMikeT Agile Samurai

    Team Member

    Hi @A10,

    You're welcome.

    I was thinking that the docker container would be more like a separate vault. Can you clarify what you mean by a second account?

    You can have multiple (and .ca/.eu) memberships, for an example; a lot of people have their own private 1Password account while also using a 1Password account from their work company (or another team like a sport team, club, and/or another family), they can sign in to any number of 1Password accounts in the same app. Each account have their own vaults, settings, permissions, and so on.

    Here's a screenshot of me signed in with two 1Password accounts, one called Item Editors and samurai is another testing account I use.

    Everything view is the union of both 1Password accounts in the same view.

    You could create a vault collection to show specific vaults from various 1Password accounts or just one like this:

    Does that help clarify why Docker/container is desirable and why it means we'd only have one app with a unified experience? It basically means you can treat the 1Password account from the container as a local account that you sign into the same 1Password app and the app wouldn't see any difference between them. The local account can have any number of vaults you want to keep local and other 1Password account you sign in can be hosted by us, your work company, and so on.

    Part of the reason I ended up checking on the linux beta was I ran into an issue where my main computer died (mac OS) and then took out my access to the local vaults. I have them backed up, but didn't have a way to access them.

    If you need it now, you can use a virtual machine (KVM is built-in for Linux) to run Windows and use our Windows app to access your standalone vaults.

    That's part of why we offer the 1Password memberships, folks don't want to worry about backups and need access to their data anywhere at any time. You can use web app, 1Password command line tool, 1Password in your browser, any apps we have available at the moment, which we're extending with Linux now and more in the future.

  • It is very enlightening to read through all your thoughts and Ideas. Gets me all excited about future feature possibilities.

    Encrypted Exports
    @dteare When you mentioned an encrypted format, are we talking about something different from the local vault filetype .opvault?

    Local vaults keep their own backups for the entire vault but they don't keep the entire history like what can be seen through the site unless those are back-up separately before they are removed. Is it possible to open a local vault as read only on a device?

    Vault Syncing Granularity
    @A10 excellent suggestion with selective vault syncing! Love the idea and I can think of a ton of use cases for this. Plus the granularity of "Don't show this on new devices until explicitly enabled." that @MikeT mentioned. I guess for all of this there'd need to be maybe some advanced feature toggle so it doesn't confuse most users to have too many options but satisfy those that do need them.

  • I don't have a horse in this race, but I want to say Kudos! to everyone involved. There has obviously been a lot of thought put into this thread, it is extremely admirable. Not to take away from the contributions of the users, but that 1P peeps have put so much into this is amazing. If only all developers/owners/founders/business folk did the same.

    Insert applause here.

  • dtearedteare Agile Founder

    Team Member

    Thank you so much for the kind words, @johann_koebbe. 🤗

    Regarding the encrypted exports, @MONKi1P, it will be a different format than what we used in opvault. These exports will have an accompanying command line tool that will allow you to decrypt these files so you'll always be able to access your data. As for the item history that you can view on, that will not be included. The export will include the information that's stored in the client's local cache.

  • edited February 16

    Just read through this whole thread, pretty informative.

    Adding myself as a +1 for some kind of standalone/self hosted Linux solution that doesn't involve an external network. Been a user/supporter for well over a decade now and I recently set up 1Password on Linux for the first time and was disappointed to see I couldn't use my current sync solution, but such is life.

    Also not concerned with the financial aspect, happy to pay a monthly subscription, just want control over where/how I sync things.

  • @dteare ahhh yes a commandline tool, that's wonderful for future proofing!
    Could you clarify two aspects:
    (1) So currently the .opvault is being backed up and changes are preserved over versioned stored on the system, not on a per entry item bases like on, correct?
    (2) And the export is just another way of storing 1Password data in a safe and future proof way incase a rare dinosaur like extinction event befalls 1Password.

  • 1Password is very good software.
    But the lack of local password storage functionality on Linux (as it is on Windows and MacOS) forces to look for an alternative and migrate sooner or later ...

  • Yeah, if something doesn't happen soon I'm migrating to bitwarden, which we've just deployed at work after ruling out 1password, because of the lack of local vault storage.

    Honestly it's a pity, I'd rather stay with 1pass, but this lack of local vaults is hindering the acceptability of the software for many it seems.

  • With the latest news for 1Pass for Linux...

    Do we get local vaults yet? Or are we still the ugly stepchild that gets ignored?

  • dtearedteare Agile Founder

    Team Member

    It's great to hear you saw the news! Yes indeed, 1Password for Linux has officially launched! 🎉🥳🎊

    The launch was a huge success so you're right, now would be a great time to revisit this discussion. As described in my comment above it will be incredibly difficult to add support for local vaults as 1Password for Linux relies on the server to perform a lot of the heavy lifting. The most likely path towards a modern day version of local vaults would be self-hosting of the 1Password service.

    We've seen some excitement for self-hosting in this thread and a few others as well so there's definitely some interest in this idea. It's hard to gauge interest piecemeal like this, however, so I'd like to measure things more formally with a survey. I'm putting together a set of questions to see who wants this feature, how it will help them, and some detailed questions to help ensure we build the right thing if and when we decide to move forward on this.

    I'll update this thread with the survey once it's ready. I'm planning on using 1Password Secrets Automation to store survey responses directly within one of my vaults. I thought this would be a fabulous way to ensure we protect the privacy of people's information and their comments. It also gives me a great opportunity to geek out with our other big launch of this year. 🙂

    Take care,


  • Excellent work on the linux app and thank you, it is an amazing release. That being said, like some I cannot adopt it as my default pw manager without either local only vaults or the ability to choose sync location. Hopefully that will make it into a future release, I think that's a crucial feature these days.

  • dtearedteare Agile Founder

    Team Member

    Hello @vwest! Thank you for the kind words. 🤗 It's great to hear you excitement about 1Password for Linux! 😍

    I merged your question into this thread as I have a long winded response just above your comment that answers this in detail.

    Please give it a read to see where we're at and watch for an update from me in the future with details on the survey. In the meantime, however, I'd like to better understand the "or the ability to choose sync location" part of your question. How are you syncing today?

    Take care and enjoy the rest of your weekend. 👋


  • Please ensure the survey announcement is not just in this thread, but in the release notes at the time. I've missed a few of the previous surveys, due to not knowing they exist (until after they closed)

  • BlakeBlake

    Team Member

    Thanks for the heads-up @k4n30!

    We will make sure everyone is notified properly. We don't want to leave anyone out! 😊

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file