Understand Multiple Vaults and the Keychain Files (agilekeychain)

d_stone
Community Member
edited March 2014 in Mac

I just want to understand how multiple vaults work. If I share a secondary vault, I do not want that someone can access any element from my primary vault.

  • For each new vault a new file (.agilekeychain) is created, right?
  • What information is stored in the files?
  • A master password is required to open one vault (primary or secondary). So far I thought that a vault password is required to open a vault and also decrypt it. How is it possible to open and decrypt secondary vaults by using the master password of the primary vault?

Feature ideas (not sure if they make sense) :-)

  • Synchronize a single object between vaults – do not share a copy
  • The synchronization settings of a vault should not be placed in the general program settings

Comments

  • Jasper
    edited March 2014

    Hi @d_stone,

    For each new vault a new file (.agilekeychain) is created, right?

    Not necessarily, your local data is all stored in a SQLite database. The Agile Keychain is only used for syncing purposes. If you enable sync for a secondary vault (Dropbox or Folder Sync), then the new .agilekeychain file will be created.

    What information is stored in the files?

    The Agile Keychain file contains all your encrypted 1Password data. Details of the Agile Keychain design can be found here.

    How is it possible to open and decrypt secondary vaults by using the master password of the primary vault?

    The primary vault holds the key to decrypt the data for secondary vaults. What that means is that each secondary vault will have a separate Master Password, but as the owner of the primary vault, you will be able to have access to all secondary vaults when you enter the Master Password of the primary vault.

    Synchronize a single object between vaults – do not share a copy

    Thanks for the suggestion! You're not the first one to let us know that it would be helpful.

    The synchronization settings of a vault should not be placed in the general program settings

    The sync settings are currently located in the Sync tab of the Preferences. What different location did you have in mind?
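A minimal model of the key relationship described in the reply above, added here as an illustration; it is not 1Password code and not the Agile Keychain format. The vault layout, the field names (`wrapped_key`, `linked_keys`) and the HMAC-based stand-in cipher are all assumptions chosen so that the example runs with only the Python standard library.

```python
import hashlib, hmac, os

def kdf(password, salt):
    # Master Password -> key-encryption key (iteration count is illustrative)
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _sub(key, label):
    # Derive separate sub-keys for encryption and authentication
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Stand-in cipher built from HMAC so the example needs no third-party
    # package; a real product would use a vetted authenticated cipher.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(key, data):
    nonce = os.urandom(16)
    ct = _xor_stream(_sub(key, b"enc"), nonce, data)
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified data")
    return _xor_stream(_sub(key, b"enc"), nonce, ct)

def new_vault(master_password):
    # Hypothetical vault record: a random vault key wrapped under the password
    salt, vault_key = os.urandom(16), os.urandom(32)
    vault = {"salt": salt, "wrapped_key": seal(kdf(master_password, salt), vault_key),
             "linked_keys": {}, "items": {}}
    return vault, vault_key

def unlock(vault, master_password):
    return unseal(kdf(master_password, vault["salt"]), vault["wrapped_key"])

def build_demo():
    # Constructed sample data: two vaults with separate Master Passwords
    primary, pk = new_vault("primary master password")
    shared, sk = new_vault("shared vault password")
    primary["items"]["bank"] = seal(pk, b"primary-only secret")
    shared["items"]["wifi"] = seal(sk, b"shared secret")
    primary["linked_keys"]["shared"] = seal(pk, sk)  # stored only in the owner's vault
    return primary, shared
```

In this model, `unlock(primary, ...)` followed by `unseal` on `primary["linked_keys"]["shared"]` yields the shared vault's key, while the shared vault record holds nothing that leads back to the primary vault's key.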

  • d_stone
    Community Member

    @JasperP Thanks for your reply.

    Not necessarily, your local data is all stored in a SQLite database. The Agile Keychain is only used for syncing purposes.

    OK, I understand. When I performed the upgrade to version 4, I lost all the data and thought it was all in that file. Only a backup from my Time Machine could help. Since then I have been careful with this file. I do not trust myself to make changes here.

    Where is the SQLite database located? Is there a database for each user account on my MacBook?

    The Agile Keychain file contains all your encrypted 1Password data. Details of the Agile Keychain design can be found here.

    Thanks.

    The sync settings are currently located in the Sync tab of the Preferences. What different location did you have in mind?

    I've found those settings. But I do not immediately understand the context in which I find myself. I cannot switch the vault. A separate menu item outside the global preferences would be a possibility, right?

  • Megan
    1Password Alumni

    Hi @d_stone,

    Thanks for the follow-up questions! I know vaults and syncing is a bit of a tricky issue :)

    OK, I understand. When I performed the upgrade to version 4, I lost all the data and thought it was all in that file. Only a backup from my Time Machine could help. Since then I have been careful with this file. I do not trust myself to make changes here.

    Where is the SQLite database located? Is there a database for each user account on my MacBook?

    In version 3 your 1Password.agilekeychain file was the only place your data was stored, so moving or deleting this file was potentially dangerous (as you unfortunately learned). We changed this in version 4 to prevent problems such as this. Now, as @JasperP says above, your data is always stored in the SQLite file. When you select your sync source, your datafile is copied into the correct location and format.

    Your SQLite file's location depends on where you purchased 1Password:

    • If you purchased from the Mac App Store, your datafile is here: ~/Library/Containers/2BUA8C4S2C.com.agilebits.onepassword-osx-helper/Data/Library/Data/OnePassword.sqlite
    • If you purchased directly from the Agile webstore, your datafile is here: ~/Library/Application Support/1Password\ 4/Data/OnePassword.sqlite

    Please note that this file needs to stay in this location - it cannot be moved.

    I've found those settings. But I do not immediately understand the context in which I find myself. I cannot switch the vault. A separate menu item outside the global preferences would be a possibility, right?

    Each vault has separate sync settings. The settings that you find in Preferences > Sync relate specifically to the vault that you are currently viewing. To change the sync settings of a vault, you must switch to that vault first using either the File > Switch to Vault menu, or by clicking on the vault icon in the top menu bar.

    I hope this helps to clarify things, but we're here if you have any further questions! :)

  • d_stone
    Community Member

    Thank you @megan. I feel safer now.

    deleting this file was potentially dangerous (as you unfortunately learned).

    Yes, unfortunately, I had probably made a mistake when upgrading to version 4. Even the backups created by 1Password 3 could not be read with the new version 4. Anyway, I was able to recover my data.

    If you purchased directly from the Agile webstore, your datafile is here: ~/Library/Application Support/1Password\ 4/Data/OnePassword.sqlite

    Please note that this file needs to stay in this location - it cannot be moved.

    I do not intend to move the database. But it is good to know where to find it. I feel better now because I know where my sensitive data are stored.
    But what I want to do is move the file “1Password.agilekeychain” from ~/Library/Application Support/1Password to ~/Library/Application Support/1Password\ 4 ... Before that discussion, I would never have dared to touch that file.

    Thank you for your support

  • Megan
    1Password Alumni

    Hi @d_stone,

    I'm so glad to hear that this conversation is helping you to feel safer!

    But what I want to do is move the file “1Password.agilekeychain” from ~/Library/Application Support/1Password to ~/Library/Application Support/1Password\ 4 ...

    There really is no need to move your 1Password.agilekeychain file. As we've mentioned above, 1Password 4 will create an agilekeychain when you choose a sync location, and it is stored in the chosen location (either in Dropbox or in the folder you choose in Folder Sync). If you have a 1Password.agilekeychain file in Application Support, that may be left over from 1Password 3 for Mac. Moving it to the default datafile location will not change anything.

    If you do have extra keychain files floating around that you would like to sort out, we'd love to see a Diagnostic Report. A Diagnostic Report will tell us which keychains are currently being used by 1Password, as well as the locations of any extras.

    http://learn.agilebits.com/1Password4/diagnostic-report.html

    Then attach the entire file to an email to us: support+forum@ agilebits .com

    Please do not post your Diagnostics Report in the forums, but please do include a link to this thread in your email, along with your forum handle so that we can "connect the dots" when we see your Diagnostics Report in our inbox.

    Once we see the report we should be able to better assist you. Thanks in advance!

  • d_stone
    Community Member

    @Megan Thanks. I sent the report by e-mail. I think there is nothing of version 3 left. After your check, is the report completely removed?

    The Answer to my question “Is there a database for each user account on my MacBook?” is: Yes. I have checked it myself, since I now know where the database is located. :-)

  • Megan
    1Password Alumni

    Hi @d_stone,

    Thanks so much for sending that Report in. We'll follow up directly via email to avoid confusing things between here and there. :)

This discussion has been closed.