Multiple Vaults

oshloel

I'm not a 1PW 4 beta tester, so this might be misplaced and I know you won't publicly speak about v4 features; nevertheless, here you go.

One feature that has been requested in the past is the ability to selectively sync 1PW items between family members, etc. In our specific situation, my wife and I have a set of shared items as well as login items in particular that are specific to each of us - the classic yours, mine & ours situation. Obviously, both of us want the shared items as well as our own specific items synced with our iOS devices (we maintain separate iCloud & dropbox accounts).

In summary, I'd like to have "mine" and "ours" items on all my devices (mac/iPhone/iPad) and she would like "hers" and "ours" on her devices with the "ours" set being able to sync between us without ongoing manual intervention. This would be very much like iCloud calendars work today where you can share some calendars and keep others specific to your own devices.

Hopefully, the concept of multiple vaults in 1pw4 will be able to work in this fashion. Currently in 1pw3.9, it's necessary to export, transfer and then import changes or additions to our shared items, which is inelegant and a pita at a minimum.

Rick

khad

Right now multiple vaults are only supported in 1Password 4 for Mac. We are looking at adding support for this on iOS in the future, but I don't have a time frame I can provide. It is a pretty substantial change, so we want to make sure to do it properly and not rush it there.

So, with that in mind, you can create multiple vaults in 1Password 4 for Mac and sync one of them with between your Mac and your wife's. Then you can use the Item > Share menu to share items from one vault to another, or just create new items in the shared vault. They will sync automatically to the copy of the shared vault on her machine if you have set up syncing.

Please let me know if you still have questions once you've had a chance to use it. I think it will probably make more sense once you try it out. :)

Jono

I'm interested in the doing the same, sharing data/vaults between my wife's and children's Macs and iOS devices.

I can't see how to sync a new vault I created (not my primary one) between my wife's Mac and my own. Are there instructions somewhere on how to do this?

Jono

…never mind. I found out how to do it now :)

I see in screenshots you can change the colour and image inside the vault icons. How do we do this?

MikeT

Hi @Jono,

When you create a new vault, you can just drag an image into the vault icon and there's a color picker next to the vault image:

Jono

Thanks @MikeT. So it's not possible to change this once you've created a new vault?

thightower

@Jono

Thanks @MikeT. So it's not possible to change this once you've created a new vault?

No not currently. In the future it will be changeable.

I assume you would like to change one of them. If you are using Dropbox sync you can relatively easily do this.

1. Make sure syncing has been enabled and a keychain has been created in Dropbox. Remember each vault has its own keychains and sync settings.
2. If its the kids keychains, just make sure you have access to that keychain thru a shared folder.
3. Delete the Vault. This will NOT delete the keychain. * Make sure before doing to confirm you do have a valid keychain for that vault. If in doubt and to be doubly sure. You can create an export file to be safe. Better safe than sorry.
4. Double click the keychain.
5. In the pop up window for adding a new vault configure your new colors and or pictures. (I have done this myself.)
6. Fill in the password for this vault. again in your case as well as mine it was an existing vault so use the password thats needed to unlock that specific keychain.

I hope this made since. I am running out the door to grab my kids from school. So time is short, if you get hung up, Ill be back in about 30 minutes.

AGAIN, FOR USERS NOT FAMILIAR WITH 1Password WHOM WILL UNDOUBTEDLY FIND THIS TOPIC.

Before you remove any vaults make sure you either have access to an existing keychain for that vault,
or
If its a new vault you just created make sure and set up the vault syncing settings (sync preferences) so a valid keychain is created before removal of the vault. Allow that sync to finish with Dropbox before proceeding as noted above.

Jono

Excellent. Thanks for the help!

oshloel

Khad,

Thanks. That has got me started; although, it can't be truly tested until 1pw4 iOS will support multiple vaults.

Regardless, for this to be truly seamless (particularly for a non-techie such as my wife) and function in the same fashion as iCloud calendars there needs to be a way for 1PW to have everything accessible without requiring the user to continually switch between vaults to find or fill & go a login, etc. depending upon whether it's a synced item or a personal item.

It seems that this could be accomplished if one of two feature options were to be implemented

• 1PW4 (and the iOS version) gain the capability to display, sort and search across multiple vaults - i.e. two vaults selected simultaneously rather than having to switch between them multiple times a day. This would seem to be a good feature even for an individual user with more than one vault in order to minimize repeated switching between vaults.

or

• the Item > Share function to copy a login etc from a shared vault to a personal/primary vault needs an option to keep the item in sync between the two vaults rather than just copying over once. As it seems to be now, I can set up my wife to use one primary vault that contains both her specific items as well as our common/shared items by copying (Item > Share) the common items from our shared vault to her primary vault. However, if I update a common item in the shared vault, it does not sync to either her nor my primary vault. It has to be copied over individually each time, requiring access to both computers, remembering to do it and remembering which item(s) were updated.

Does this make sense?

Rick

sjk

Hi, Rick (@oshloel).

Thanks for the detailed suggestions and reasons for them, which make total sense at least to me. :) Both have been previously mentioned and are under consideration for a future update. Or maybe there's another approach to this that would work even better.

The first seems less flexible, but more easily manageable and less error-prone. The second adds more granularity, but introduces issues like item ownership.

For now you could do something like add tags to shared items to help keep track of them. Maybe someone else has other suggestions.

I hope that's helpful!

dfsutherland

The solution that seems obvious and intuitive to me is this:

• Search, display, sort, etc. work across all open vaults by default. This should probably be configurable on a per-vault basis for those with more complicated needs. That said, it seems like the obvious default for less-techie users.
• Updates to items in a shared vault propagate by the usual sync methods. This would allow the "ours" vault to update when any family member makes a change (for example).

Key advantages of this approach are that it avoids both the need to track ownership of items (in the sense of "who's allowed to change this item") and also the need to track relationships between items in multiple vaults (which is, of course, distinct from the problem of synching between instances of a single vault on multiple machines).

None of this really becomes useful, of course, until all devices used in a particular organization/family/whatever have support for syncing and working with multiple vaults. (cue Mr. Rogers: Can you say "iOS"? I knew you could... :-) )

Megan

Hi @dfsutherland,

I'll add your vote to the "search all vaults by default" pile (I'm with you there too!)

Updates to items in a shared vault propagate by the usual sync methods.

This is already the case: an updated item in a shared vault will sync to all users of that vault as immediately as your sync source allows.

Personally, I know this is only the tip of the iceberg when it comes to plans for vaults, and it sure is hard to be patient, but all I can say is that more features and updates are coming :)

odysseus

Yes, I'm with @dfsutherland completely, particularly with regards to "Search, display, sort, etc. work across all open vaults by default."

sjk

Your agreement's noted, @odysseus. :)

madeyourday

Kudos for the multiple vaults feature! Just one important suggestion: As already mentioned multiple times: The absolutely first thing you run into while using this new feature is the lack of a global search. Imagine the standard use case... you log into a multitude of different sites everyday some of them with your private passwords, some with your business account. 1Password should check all present vaults for passwords by default in my opinion. Very. Very. Important.

1PW4 (and the iOS version) gain the capability to display, sort and search across multiple vaults - i.e. two vaults selected simultaneously rather than having to switch between them multiple times a day. This would seem to be a good feature even for an individual user with more than one vault in order to minimize repeated switching between vaults.

-

Search, display, sort, etc. work across all open vaults by default. This should probably be configurable on a per-vault basis for those with more complicated needs. That said, it seems like the obvious default for less-techie users.

So +1.

Keep up the good work.

lucas3d

Hi all,

I have the same issue than many people with multi-vault.
My wife and me have a personal vault and a share family vault for commun password (bank, electricity, gas,..)
The current solution to switch in between vault for login in different accounts aren't not friendly.

Search password in multiple vault look the better solution.

I bought 1Password 4 principally for this multiples vault solution.
I hope it's get fix soon.

adamtb

What happens if I share a vault with someone and then want to revoke their access to the vault later?

• Would I change the vault password?
• Remove them from the dropbox folder where the keychain is stored?
• Do they retain access to all the passwords they had up until I revoked their access?

Once I remove a person, I would ideally like their access to passwords to be completely removed. Is this currently supported?

Stephen_C

@adamtb, strictly you can't revoke access to a vault already shared. Generally, see this knowledge base article.

Stephen

oshloel

Stephen is correct; however, you could try the following:

Rather than initially revoking someone's access to the shared DB folder, you might move the 1pw folder/keychain out of the shared folder and give it time to sync to the other party. That should erase the 1pw info from their DB account and the DB folder on their local drive (along with yours as well); after which you can shutdown sharing of the folder with them and move the 1pw file back. Of course, this won't help if the other party has copied the 1pw info outside of the shared DB folder. It's also a bit of a pain if you are sharing with multiple people and want to revoke the privileges of only one.

Stephen_C

Thanks for that helpful supplemental information, @oshloel.

Stephen