Use only 1 common/shared pool of data for several Mac accounts/Macs

jochenneese
jochenneese
Community Member
in Mac

Hi,
in the meantime I have gone through a couple of flaws with iP4 for Mac but for most of them I know how to get around them. Here is a one where this is not the case:

I want to use only 1 single pool of data (i.e. 1 single set of vaults) for all user accounts on both Macs I use. From what I know every user account on a Mac has its own set of data (within ~/Library/Application Support/1 Password 4/) which may or may not sync their data to Dropbox or other folders/services. So my understanding would be that if I want to achieve this single pool of vaults I would have to make sure that only one account governs the local data (that serve if you will as the overall master data), and no (!) other accounts/Macs has any local data but operate solely on data that is published via Dropbox (the respective folders being synced between Mac accounts, Macs and possibly also iOS devices).

Thus, it is made sure that data entered or changed by one of the accounts is always stored to the central data pool (on Dropbox in this case) instead of to local data storage in ~/Library/Application Support/1 Password 4. First, I'd like to ask the support team whether this understanding of the mechanics is correct.

Now the problem: For some reason one of the accounts still has local data that contains 2 items in its "own" primary vault. What I want is that all accounts use the "central" primary vault on Dropbox as their primary vault instead of maintaining their own, local primary vault. The question is: How do I tell 1P within a specific Mac user account to delete all local data and link only to the central Dropbox pool of data?

I hope this question is understandable. An answer would be highly appreciated.
Regards
Jochen

Comments

  • jochenneese
    jochenneese
    Community Member

    I'd like to push this problem up since there is no answer from the support yet and the problem persists. To clarify:

    How can I achieve that all users on all Macs see the same (!) set of data (aka "vault") as their primary vault? It is very tedious if I have to change vault every time in 1P mini or within Safari (or even in 1P itself) just because everyone has its dedicated "primary" vault which is empty. It seems like this:

    • If the account that governs the master data shares a vault, this vault is called "1Password.agilekeychain" on Dropbox

    • If I share a second vault, this vault is named "(name of vault).agilekeychain" on Dropbox

    • if the primary vault is shared an "imported" to another Mac account, it is seen within 1P not as the primary vault, but as a vault called "1Password"; the primary vault stays there even if it's empty.

    • there is no obvious way to tell 1P (app, mini, browser extension) to use the "1Password" vault as its default one instead of the empty primary vault.

    Bottom Line: If I share a vault because it contains nearly all of the interesting logins etc., this should be the default/primary vault for everyone. How can I achieve this?

    Thanks!

  • Megan
    Megan
    1Password Alumni
    edited December 2013

    Hi @jochenneese,

    I'm so sorry for the delay in responding to you here but (as you may have noticed) we have been a bit overwhelmed since the launch of 1Password 4 for Mac. We're all working hard and putting in extra hours to get back to our usual snappy responses and we really appreciate your patience.

    It sounds to me like what you want to do here is pretty simple: share your entire password database across all accounts, correct? If this is the case, let's try this:

    • Ensure that your main password database is synced to Dropbox and that all user accounts are signed in to Dropbox with the same user account (or have access to the shared folder)
    • On all secondary user accounts, use our Starting Over Guide to reset 1Password.
    • When you open 1Password for the first time, select "I've used 1Password before"
    • 1Password should detect the datafile in Dropbox, but if it doesn't, navigate to the folder when prompted and select the appropriate keychain

    Please let me know how this works for you!

    And of course, if I'm completely misunderstanding your situation completely please let me know and we'll sort that out as well :)

  • jochenneese
    jochenneese
    Community Member

    Megan, thanks, it seems to have worked. An additional question: Can I delete/rename these data on the primary Mac user account as well? What is the difference between the data living and shared on Dropbox (and the various local copies of the respective "1Password" Dropbox folder) and the data in that ~/Library/Application Support/1Password 4/ folder? Do the other Mac accounts create such a folder again after having started over?

  • sjk
    sjk
    1Password Alumni

    Hi, @jochenneese.

    I'm sure @Megan will be pleased to hear how you've got it working now. :)

    On to your questions …

    Can I delete/rename these data on the primary Mac user account as well?

    Which data would you specifically want to delete/rename? There's currently no easy way to edit a vault's details after it's created.

    Here's a brief summary from another post:

    With 1Password 4, deleting a vault doesn't delete any keychains it syncs with. And deleting any keychains doesn't delete any vaults.

    See that entire post for more explanation of the relationship between vaults and keychains, which ties in with your next question:

    What is the difference between the data living and shared on Dropbox (and the various local copies of the respective "1Password" Dropbox folder) and the data in that ~/Library/Application Support/1Password 4/ folder?

    Understanding the purposes and uses of that data may be a more practical way to describe the difference. :)

    Here are some partial definitions from Your 1Password data in the 1Password 4 glossary:

    • Keychain or data file
      When you use the Dropbox or Folder sync method, 1Password creates a .agilekeychain file for you.

    • Vault
      A collection of items. 1Password creates your default, primary vault for you when you run it for the first time. Everything you see when you open the application—items, folders, tags, everything—is in the current vault.

    1P4 can be used without a keychain (e.g. under Dropbox) but not without a vault (under ~/Library/Application Support/1Password 4).

    The vault data is required (primary); the keychain data in Dropbox is optional (secondary).

    And here's another example of vault/keychain usage to help clarify the difference: post #9.

    Do the other Mac accounts create such a folder again after having started over?

    The ~/Library/Application Support/1Password 4 folder is required by webstore/beta versions of 1P4 and created automatically if it doesn't exist.

    I hope that information is useful. If you have more questions please let me know.

  • jochenneese
    jochenneese
    Community Member

    Hi @sjk, thanks for the explanation. I am still struggling with this: If I share a vault with someone else (or another Mac account on the same machine) 1P creates the .agilekeychain file (on Dropbox or iCloud) to provide every information in that vault. So my understanding would be that the .agilekeychain file (that can be "adopted" by just double-clicking on it and entering the vault password) contains everything that also lives in the primary vault data.

    If that proves to be true: What are data elements in the primary vault files (in ~/Library/Application...) that are not contained in the synced/shared .agilekeychail file?

    My personal impression is that this complexity is one of the reasons for the sync problems you and the users are faced with currently, since sync has to be performed in two ways: a) between the vault data (in ~/Library/Application...) and the shared data (on Dropbox/iCloud), b) between the shared data and numerous subscribers (other Mac accounts, IOS devices, ...). These two ways of syncing have in turn to be kept in sync as well...

    So my bottom line would be that there must be a really good reason why this two-fold data model has been chosen. Maybe you can explain a little bit around this. Thanks.

  • Megan
    Megan
    1Password Alumni

    Hi @jochenneese,

    I'll do my best to explain things for you here. Your complete keychain database is stored in both the local and the sync store. Storing your data in 2 places is a new feature in 1Password 4, and it was implemented as an extra level of protection for users who chose to sync their data to an external solution. In 1Password 3, if you would accidentally delete your keychain file in Dropbox, you were essentially deleting your database (and would have to restore from a backup). Now in 1Password 4, your data is stored locally as well. If you delete your keychain file in Dropbox, or if Dropbox experiences maintenance issues and is not available for a period of time (as happened this past weekend), you can still access your database.

    I can understand why you would think that the extra sync steps are a potential for sync to fail, but I can honestly tell you I haven't seen any issues that have arisen from this. If anything, the local store makes it easier for people to disable and re-enable sync without worry to fix syncing issues. Personally, I think that's a pretty good reason :)

    I hope this helps to answer your question, but please let me know if you would like any further clarification.

This discussion has been closed.