1P is asking to access an old OS X Keychain, why?

Smudge

I've been using 1P 4 on Mavericks but due to a system issue, I had to reinstall the OS. I've switched to Yosemite and installed 1P 5.3.2. After moving over the 1P prefs/vaults/etc, everything appeared to be working fine.

As I was moving over other data, one item was the OS X keychain file. I added it in Keychain Access as "Previous Login" so that I could access it as needed but it would be locked. Since then, when I open 1P, it asks me to unlock the old keychain twice.

If I cancel the requests, 1P appears to run without issues. I able to access the vaults and the stored info.
If I enter the password, again 1P appears to run properly. If I lock that keychain and launch 1P, it again asks to unlock it.
Either way, I did not see anything in the logs regarding what it is accessing in that keychain.

I am only syncing 1P via Dropbox, previously and now, so I'm guessing it shouldn't be trying to access iCloud or WiFi sync keys.

So, how can I find out what 1P is after so that I can either move those entries into my new keychain or remove/update the reference within the vault?

Thanks

---

1Password Version: 5.3.2 (532001 AWS)
Extension Version: Not Provided
OS Version: OS X 10.10.4
Sync Type: Dropbox
Referrer: forum-search:mac keychain

AGAlumB

@Smudge: Ack! The OS X Keychain and I are not on good terms... :lol:

Since then, when I open 1P, it asks me to unlock the old keychain twice.

Indeed, I think I used to know why it works like this, but they almost always come in twos for some reason. Frankly, 1Password shouldn't need access to any Keychain items, so it is likely one of two things: 1 it isn't 1Password that's actually making the request (possibly another process which 1Password is triggering, such as iCloud, which will always be running regardless), or 2 these are vestiges of an old version of 1Password. In either case, you should be able to confirm by opening Keychain Access and doing a quick search.

Now, if you simply want to sort out Keychain items that are using an old password, you may be able to manually re-set the Keychain password by doing the following:

1. Press ⌘+Space to open Spotlight
2. Search for "Keychain Access"
3. Open Keychain Access
4. Make sure that "login" and "All Items" are selected on the left
5. Go to File > Lock All Keychains
6. Click the 'lock' icon in the upper left corner
7. Enter your password(s) when prompted

Again, if there are multiple prompts they may require different passwords you have used over time. This should synchronize your OS X Keychains so you can enter it once on login, rather than being prompted over and over again. If for some reason this does not resolve your OS X Keychain password issue, the best thing to do would be to contact Apple for assistance. I hope this helps! :)

Smudge

@brenty: Thanks for the prompt reply. After some searching again, I found the entries causing the requests. No idea why I didn't find them before
I had two application password entries for
Name:com.agilebits.onepassword4.HockeySDK Kind:application password Account:default.BITCrashMetaUserName Where:com.agilebits.onepassword4.HockeySDKand
Name:com.agilebits.onepassword4.HockeySDK Kind:application password Account:default.BITCrashMetaUserEmail Where:com.agilebits.onepassword4.HockeySDK

When 1P starts, it loads the HockeyManager which is checking for these entries from the user's keychain.
Previously I was installing the 1P beta versions, which could be the reason for these entries to exist, but I'm not currently on the beta track. I removed the entries from my previous keychain and 1P no longer triggers the unlock request. :+1:

Perhaps 1P should hold these entries internally instead of in the OS X keychain?
Perhaps 1P should remove these entries if the user switches off the beta track over to the stable track?

You are a smart bunch 8-) I'm sure you can come up with a good solution for handling this situation better. ;)

Drew_AG

Hi @Smudge,

Thanks for the additional information! It sounds like you already figured it out, but just to confirm - yes, those Keychain entries are there because you had used a 1Password beta. HockeyApp is the service we use for crash reporting, so it is normal to have the those items stored in the OS X Keychain. If you had ever entered your name/email in the fields of the HockeyApp crash reporter window, it would save that in the Keychain so you don't need to enter them again next time. It's fine if you want to remove those from the Keychain Access app (and it sounds like you may have already done so).

I'm not a developer myself, so I don't know for sure if it's possible to implement your suggestions for how you'd like that to work, but I can forward your thoughts to our developers. If it makes things easier for our customers, I'm sure they'll consider it! :)

I hope this helps explain/confirm what's happening with the OS X Keychain. If you have more questions about that or need anything else, please let us know!

sjk

Hey @Smudge,

Previously I was installing the 1P beta versions, which could be the reason for these entries to exist, but I'm not currently on the beta track. I removed the entries from my previous keychain and 1P no longer triggers the unlock request. :+1:

Sorry to hear you're no longer running 1Password for Mac betas. If you choose to return to them in the future and any HockeySDK entries reappear in your Apple/iCloud Keychain you can Always Allow access for those entries to stop future prompting instead of removing them, as I described in a reply here.

Cheers!