Syncing subset of passwords from Mac Pro to laptop computers
My client owns the Mac App Store version of 1Password 4. He's installed it on his Mac Pro (Early 2008), MacBook Pro (15" Retina, Early 2013), and MacBook Air (Mid 2012). He also owns 1Password for iOS, but first things first.
The two laptop computers are running OS X Mavericks 10.9.2. I think he's running Mountain Lion 10.8.x on the Mac Pro.
My client would like to enter all his passwords and confidential information in 1Password on the Mac Pro, then sync only some of the data to the two laptops. (For example, he does not want bank account and credit card information on the laptops.)
Is there a way to accomplish this?
Comments
-
Hi @billj,
It sounds to me like your client is looking for our Multiple Vaults feature. This will allow him to organize his passwords into vaults and set up separate sync settings for each vault.
In this case, one vault on the Mac Pro could contain all of his very sensitive information and be backed up locally only, and another vault could contain all the information that is to be synced between all computers.
I hope this helps, but if you have any further questions, don't hesitate to ask. :)
0 -
Thank you, Megan. I had a feeling that vaults would be the way to go, but I wasn't certain.
Also, would you please point me to a method for syncing the "less sensitive" vault between Macs? My client does not want to use Dropbox or iCloud. According to the 1Password 4 sync guide, that leaves Wi-Fi Sync and Folder Sync. But the sync guide says Wi-Fi sync is for Mac to iOS, and doesn't mention Mac to Mac. So that leaves Folder Sync?
Can Folder Sync be configured to sync only the "less sensitive" vault? Would it sync in both directions, or only from "master" to laptop?
The Sync with local folder instructions tell me how to configure Folder Sync on the "master" computer. But I'm not finding instructions on how to set up the laptop computers. Would I follow the same instructions on each Mac, and then use something like ChronoSync? Or would I do something else? Sorry if I'm being dense, but I don't have a clear mental picture of the process. I can picture what happens in Dropbox sync and iCloud sync--probably Wi-Fi Sync, too--but not Folder Sync.
0 -
Hi @billj,
You've got a pretty good handle on things here so far. Unfortunately Wi-Fi sync is not yet available for Mac to Mac syncing. I know Folder Sync is a tricky concept to get your head wrapped around at first, but it's really the same as Dropbox, except that you are using a service other than Dropbox to do the magical syncing.
Because these other services have not been tested by us, we can't provide detailed instructions on each, but the basic concept is this:
- You tell 1Password on the desktop to update the 1Password database to folder "X".
- You tell your sync service to watch folder "X", and sync whenever changes are made.
- The sync service will the sync the changes from folder "X" on your desktop to folder "X" (or wherever you direct it to) on the laptops
- You tell 1Password on the laptops to use the data in folder "X" as the database.
Now, you mention that your client isn't interested in Dropbox or iCloud. Of course, this is completely his decision, and this is exactly why we have options like Wi-Fi and Folder Sync in place. However, I just wanted to add a bit of detail here on why we are confident about storing data in the cloud.
With 1Password, your data file is encrypted with an exceedingly secure encryption algorithm called AES. Even if someone were to acquire a copy of your 1Password data file, it would be extremely difficult (approaching impossible in a human lifetime) for them to actually gain access to your passwords without your Master Password. In short, we believe it is just as secure as having the data on your laptop. To learn more about cloud data security, have a read through the following article.
http://help.agilebits.com/1Password3/cloud_storage_security.html
And you can see the thoughts behind our data format's design here.
http://learn2.agilebits.com/1Password4/Security/keychain-design.html
Also, you can check out our blog for many more articles that go into the nitty gritty math behind what makes 1Password so secure.
http://blog.agilebits.com/tag/cryptography_/
I hope this helps, but we're here if you have any further questions!
0 -
Megan, say that your 1Password data contains two vaults. Can you sync just one of them via Dropbox, and have the other one not sync at all? (In other words, the only place the second vault will be is on a particular Mac?)
May I ask two other related questions?
1) If using Folder Sync, do I configure 1Password on each Mac to use Folder Sync? That wasn't clear to me from your note.
2) It used to be that 1Password data was stored in an .agilekeychain file. If you had the retail version of 1Password, it was stored in ~/Library/Application Support/1Password. If you were syncing with Dropbox, it would typically be placed in the root level of Dropbox.
But it seems that the newer versions of 1Password 4 are doing different things with the data. For example, another client downloaded retail version of 1PWD, and his data is stored in ~/Library/Application Support/1Password, but not in an .agilekeychain file.
And the Mac App Store version puts it inside ~/Library/Containers... but doesn't seem to use .agilekeychain file format either.
But I've seen "legacy users" leave their .agilekeychain file in Dropbox after upgrading to 1PWD 4, and everything works fine... and the .agilekeychain file is not converted into another file format.
Am I observing things correctly?
For someone like myself who maintains Macs for numerous clients, it would be great to see a table showing where data is stored for the retail and MAS versions, and in what format. Does something like this exist?
0 -
Hi @billj
I'll do my best to help you understand the intricacies of vaults here. :)
say that your 1Password data contains two vaults. Can you sync just one of them via Dropbox, and have the other one not sync at all?
Yes. Each vault has individual sync settings. The data will only be stored locally until you select a sync option for that vault in Preferences > Sync. The Sync screen in preferences will reflect the particular vault that you are viewing at the time.
If using Folder Sync, do I configure 1Password on each Mac to use Folder Sync? That wasn't clear to me from your note.
You will need to configure both Macs to use Folder Sync. The exact details of this process however will depend on which sync service you choose and what their instructions are for setup.
Here's a hopefully more clear description of how the process will work:
1Password on Mac1 <-> Folder-X on Mac1 <-some-sort-of-sync-service-> Folder-Y on Mac2 <-> 1Password on Mac2
It used to be that 1Password data was stored in an .agilekeychain file.
In 1Password 4, your data is always stored locally in a .sqlite file. The location of this will depend on whether you purchased 1Password directly from our website (~/Library/Application Support/1Password\ 4/Data/OnePassword.sqlite) or from the Mac App Store (~/Library/Containers/2BUA8C4S2C.com.agilebits.onepassword-osx-helper/Data/Library/Data/OnePassword.sqlite). This location is set by default and cannot be changed.
When a user selects a sync source, a copy of the vault's database is made and stored in the appropriate location. For Folder Sync and Dropbox, the data will be stored in the 1Password.agilekeychain format. For iCloud sync, we are using our newly designed cloud keychain format. As we roll out 1Password 4 onto the remaining platforms (Windows and Android) we will be migrating from the .agilekeychain format to the new cloud keychain format. You can read all the details in our article: 1Password 4 Cloud Keychain design.
The data in the sync store (Dropbox, iCloud or your chosen Folder) will be kept in sync with the local .sqlite database.
I hope this helps to explain things, but do keep the questions coming, we're here to help!
0 -
Megan, thank you for the great explanation. It's very helpful to me.
I have one last question.
Up until now, I've backed up 1Password by copying the .agilekeychain file to an external device. Since it sounds like the .agilekeychain is going to be deprecated over time, what should I be backing up instead? It seems as if the OnePassword.sqlite file is the "original." But it's not clear whether I could restore from that.
Two other options occur to me:
1) Make sure the data is fully synced (by locking and unlocking 1Password Mac), then perform File > Backup, use Show Files in Prefs > Backup, and copying the 1Password .1p4_zip file to the backup drive. Then use Prefs > Backup > Find Backup to locate the file and Prefs > Backup > Restore to restore.
2) Use File > Export to create a .pif file, back that up, and store it in an extremely secure place. (For what it's worth, exporting to .pif is still a little, um, temperamental in 1Password 4. I can provide details if this is not yet a known issue.)
Do you have a better suggestion?
0 -
Hi @billj,
I'm so glad to hear my explanation helped you!
Since it sounds like the .agilekeychain is going to be deprecated over time, what should I be backing up instead?
You're right, we are moving toward a new data format, which will be rolled out slowly after 1Password 4 has been released on all available platforms. I think for now you're still best off using that 1Password.agilekeychain file as your off-site backup. When the 1Password.agilekeychain is retired, the vaultname.opvault (cloud keychain) will replace it, and you will be able to use this new file in the same way as you are currently using the keychain.
File > Backup, use Show Files in Prefs > Backup, and copying the 1Password .1p4_zip file to the backup drive.
This is an option as well. Just be sure that you are copying the backup file and not moving it. :)
Please let me know if you have any further questions!
0 -
Hi Megan,
I just followed your excellent instructions and set up a "travel vault" that my client can sync (using Dropbox) between his mobile devices, while keeping his super-secure data on his desktop Mac only.
This works great with Mac App Store version 4.4.
However, when I try to sync with my client's iOS 7.1.1 devices, 1Password 4.5.1 crashes.
The sequence is:
Launch iOS Dropbox 3.1.3 to verify it sees the 1Password data (Dropbox/1Password/Travel Vault.agilekeychain)
Launch 1Password 4.5.1 and choose "'Ive used 1PWD before"
Tap on "Sync with Dropbox"
Tap on Allow
Get "Not Found" alert. ("No 1Password.agilekeychain or 1Password.opvault found in Dropbox. Please make sure you are using the correct Dropbox account and syncing another computer or device with it.")
Tap on Dismiss.
Crash.
Hmm... is iOS 1Password expecting to find a file named 1Password.agilekeychain, and is failing ungracefully when confronted with a file named Travel Vault.agilekeychain? Or that the name contains a space?
Here's hoping you have an answer.
Please let me know if you'd like me to provide additional information.
0 -
Hi @billj,
Thanks so much for that detailed report! Unfortunately, you are correct. Right now 1Password is only looking for a "1Password.agilekeychain" file. It will not find any other fancy-vault-name.agilekeychain. This has been an unfortunate trouble spot for many iOS users who have either re-named their primary vault or would like to install a secondary vault as their only vault on iOS (as it sounds like your client would like to do.)
The good news is that our developers have managed to fix this, and the next iOS update should allow you to select a secondary vault as the primary vault on iOS. (I've just tested here and confirmed.) Now, the iOS update has been submitted to the App Store for review, it will be released as soon as it is approved. Your best option here is to wait for this update. I could provide you with some complicated steps to hack together a workaround, but if you're able to wait for the update, things should be a lot simpler! :)
I'm sorry that I don't have a perfect answer for you right now - I know this is an annoying bug!
0
