Events Logging and local SQLite DB access
Hello! I'm back and digging into the technical details of 1Password again. It's been a while. :)
We're very interested in the new events logging features that are available using the v8 client, especially to be able to audit accesses of very sensitive secrets (or to build detections around, say, someone grabbing a copy of every credential in the vault).
However, on first glance it seems like this feature can be "easily" bypassed by using a local custom client that reads and decrypts the SQLite database directly. Is this definitely the case?
I've seen that there's a way to restrict vault access to certain applications (for example, to deny access to a given vault using an iOS client). Is there any way to restrict a vault to online access only? That is, so that the client has to individually fetch items from the server when being accessed, guaranteeing that the access will be logged? This would eliminate the local copy of the data, and ensure that custom clients can't walk through the vault (or export it or anything) without being detected.
This is all to guard against a malicious insider -- someone who has the proper credentials to access the data. Our concern is guaranteeing that the access is logged and tracked, and as it stands now, it seems we can't guarantee that.
Thanks!
david.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided
Comments
-
Hello David,
You've got some fantastic questions, and I'd like to connect you with our security team to help get you the right answers. Can you send an email to BusinessSupport@1Password.com from your business account email address? This will open a support ticket so I can connect you with our security experts. Please include a link to this post in your email.
The system will also reply to your email and give you your support ticket number. Please reply here on our community site and share that ticket number so I can help to expedite your case.
Thank you,
0