Another multiple vaults question - completely independent 2nd vaults?

SlickSlack

I run a dropbox synced system to iOS8 and three computers on various OSX - 10.7, 10.9, and 10.10. A windows laptop may be added later but that's not an issue (yet). The issue I have is that on the 10.9 desktop system I created a second vault for my work logins but I don't see it on the iOS8 or OSX10.10 systems. And working with the second vault, it seems more like a sub-vault of the main one than a different vault altogether. i.e. the password for the main vault opens both vaults.
If any of my clients audit my security practices I don't want them to see their passwords mixed in with my personal data in any way.
Is there a way to make a completely independent second vault? Everything is up to date, software version-wise.

Rad

Hi @SlickSlack‌,

Thanks for taking the time to write to us :+1:

I'll be answering your questions in order:

The issue I have is that on the 10.9 desktop system I created a second vault for my work logins but I don't see it on the iOS8 or OSX10.10 systems.

You need to explicitly add add the secondary vault on your other devices:

• iOS: Settings > Vaults > Add Vault > Sync with Dropbox
• Mac: Double-click on the agilekeychain file

And working with the second vault, it seems more like a sub-vault of the main one than a different vault altogether. i.e. the password for the main vault opens both vaults

The secondary vault is not a sub-vault of the primary vault. It is an independent vault which can be unlocked by your primary vault's Master Password. This is standard behaviour, it is not a bug.

If any of my clients audit my security practices I don't want them to see their passwords mixed in with my personal data in any way.

You personal and work data are not mixed. They simply coexist in the same app. You can share a secondary vault with somebody else while your primary (personal) vault will remain private (unshared).

Is there a way to make a completely independent second vault?

You can also unlock only the secondary vault by switching vaults in the 1Password > Switch Vault menu and by entering its password.

Hope that this helps :smiley:

Cheers!

Lamplighter

@Slickslack wrote, in part: "...If any of my clients audit my security practices I don't want them to see their passwords mixed in with my personal data in any way. Is there a way to make a completely independent second vault ?..."

You might be able to make use of the "feature" that when 1Password is locked you can still open your secondary vault separately... just select that vault and enter the secondary vault's own password. ( Do not use your Master Password ) .

In that situation, your primary vault (and all other secondary vaults) remain locked.

( At least I think that is the way it works ! )

Rad

Hi @Lamplighter‌,

Thanks for your assistance :smiley:

Yes, this is how it works. You can unlock only a secondary vault by switching to it in the 1Password > Switch Vault menu and by entering its password. All other vaults (including the primary) will remain locked.

@SlickSlack‌, hope that this helps.

Best,

SlickSlack

Sorry been away for a while. I get that this is intentional. I think for my usage the secondary vault isn't quite independent enough for the usage case I had in mind. Other then that I am using 1PW quite a lot. It's changed much of how I work with my growing login list.

SlickSlack

Rad:

You need to explicitly add add the secondary vault on your other devices:

>

iOS: Settings > Vaults > Add Vault > Sync with Dropbox
Mac: Double-click on the agilekeychain file

I just tried adding the second vault on my iOS8 5s. When I chose "add vault" it only sees the original Primary Vault. Where is the Secondary vault and how can I get iOS to see it?

Drew_AG

Hi @SlickSlack,

Each vault has its own sync settings in 1Password, so you'll first need to set up Dropbox sync for the secondary vault on your Mac:

• On your Mac, open 1Password and switch to the secondary vault.
• Go to the 1Password menu and select Preferences, then choose Sync.
• Select Dropbox, and then click the Choose button.
• Choose your main Dropbox folder and click Open.
• Click Create New when you see the message about creating a vault in Dropbox.

This will create a new keychain file in the Dropbox/1Password/ folder, and the name of the vault will be in the keychain name. For example, if the secondary vault is called test the new keychain will be test.agilekeychain.

Once the new vault has fully synced to Dropbox, you should be able to add it to 1Password on your iOS device.

Does this help?

SlickSlack

Does this help? But of course it helps. More than that, it solved it. Almost like one of those answery things that people are always going on about.

Thanks @Drew_AG‌

SlickSlack

And then.... of course I need to ask the stupid sounding question that requires another answery thing. How does one add the second vault to another OS X system? I truly went through the manual for this and couldn't find anything so the TFM has been R'd. Really.

I attempted to switch the syncing method on the 2nd OS X in an attempt to see if it would recognize that there were now two vaults but all it did was add a version of "1Password.agilekeychain" into the folder called 1Password in the Dropbox where I can now see the secondary vault as well. So there's a "1Password.agilekeychain" at the top level of Dropbox and a "1Password.agilekeychain" in the folder called 1Password.

Jasper

Hi @SlickSlack,

To add the vault on another Mac, find the . agilekeychain package in Finder. Simply double-click the .agilekeychain to open it in 1Password. You'll be prompted for the secondary vault’s Master Password, and the vault will be added once you enter the password.

Please let us know if you have any other questions. We're always happy to help! :)

SlickSlack

Is there a difference between the 1Password.agilekeychain on the top level of dropbox and the 1Password.agilekeychain in the 1Password folder in Dropbox? It looks like the one on the top level was last changed around the time I installed 1PW or maybe when I made the second vault. The one in the folder was recently updated. Can I delete the old one or are they both needed?

littlebobbytables

Hi @SlickSlack‌

Odds are you will be able to safely delete one of those but before we do we want to ensure that it definitely isn't in use.

Having read over the thread my understanding is you have a single primary and one secondary vault that you're sharing between multiple devices and that there's been a bit of trial and error involved to get everything working.

I would like you to do the following on each Mac:

1. Open 1Password and ensure you're viewing the primary vault.
2. Enter 1Password's preferences and switch to the Sync tab.
3. Make a note of the location of that 1Password.agilekeychain
4. Close the preference window and switch to your secondary vault.
5. Enter 1Password's preferences and switch to the Sync tab.
6. Verify that the secondary vault's agilekeychain is not titled 1Password.agilekeychain

On your iOS devices do the following:

1. Open 1Password for iOS and go into Settings > Vaults.
2. Bring up the Sync information for you primary vault by touching the blue i button on the right hand side of where it says Primary.
3. The top line should say Sync Service on the left and Dropbox> on the right, touch where it says Dropbox>
4. Make a note of the location of that 1Password.agilekeychain
5. Return to the list of vaults and do the same for your secondary vault, verify that it is not titled 1Password.agilekeychain

Once you've done that you should have a list of locations for all the primary agilekeychains in use. Now as long as they all say Dropbox/1Password.agilekeychain then you're free to delete the /1Password/1Password.agilekeychain one or vice versa.

These are basically the steps to cover your yourself and make sure they're all definitely using a single agilekeychain and that deleting one won't mess everything up.

If you have any questions, need anything explained in more detail please do let us know.