How to export vault while offline?
As part of my disaster recovery testing, I attempted to bring up an old machine and export my passwords. It was last synced a month ago. I kept the machine offline to simulate 1Password being unavailable or out of business.
To my dismay, I was not allowed to export my vault while offline.
Can this please be fixed? Exporting data synced locally should not require an internet connection. All the data remained accessible offline, just in the UI, so it's not a security issue. Full access is full access, even if it's tedious.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Windows 10 22H2
Browser: Not Provided
Comments
-
Hello @kogir! 👋
Thank you for reaching out. The 1Password app has to be online for an export to take place for two main reasons:
- Not all data may be available locally. Things such as attached files and Document items are fetched and cached locally "on demand" when you first view them on a particular device. When you export your account, the 1Password app will download every file and Document item so that it's included in the export even if you've never viewed certain files or Document items on that device before.
- For security and compliance reasons, export actions need to be auditable as part of the Activity Log feature available in 1Password Business. An offline export would allow someone to just disconnect their device and export data without this action ever being recorded, making the Activity Log inaccurate and incomplete.
That being said, I can see how an option to allow exporting of data even when offline would be useful for things like disaster recovery and I've passed your comments along to the team internally.
-Dave
ref: dev/core/core#33645
ref: PB-437074450 -
Thanks for the explaination @Dave_1P !
It's probably my fault, but I was under the impression each logged in machine was operating as a duplicate copy of my data, and that point in time system backups, like Time Machine or Windows File History, could function as a backup of my vault.
If that's not the case, is there a recommended way to regularly take full, encrypted backups? If not, I'd love to see that and will absolutely set it up. Ideally part of 1Password CLI so it can be scripted.
0 -
Thanks for the reply. The 1Password desktop app maintains a local cache but that local cache may not have a complete set of your data. With modern versions of 1Password, the database schema can change over time so you may need the exact same version of the 1Password app that created the local cache in your Time Machine backup to open a version of the local cache from something like a Time Machine backup.
If that's not the case, is there a recommended way to regularly take full, encrypted backups?
As part of your paid 1Password membership, your items and files are encrypted and backed up to 1Password.com and then replicated to redundant copies on our end. If you need to restore an older version of an item you can do so: View and restore previous versions of items
While you can export a copy of your data at anytime using the 1PUX export tool, this export isn't encrypted and I wouldn't recommend using it as a backup since it doesn't contain features that a backup would have such as versioning.
-Dave
0 -
Thanks for the explanation. I'd been lax and not dug into the details since the 1Password 7 -> 8 transition.
This will help me re-think my backup and disaster recovery strategies, and determine if 1Password still fits as the best solution for my family.
0
