Automating Copies of Backups
I am fairly well stunned to see in the manual: "It is not possible to change the backup location."
Gaaah.
I appreciate that you make backups and I appreciate the OSX security model. But frankly, I've got 800-odd entries and I need to have my own backups elsewhere for peace of mind.
I'd planned to have Hazel (Automator) watch the backup folder and copy new backups off to another versioned location. However...you stick the backup folder in a container so no other app can get to it.
When I look in the Dropbox folder for my vault, I see it's an .agilekeychain file, while the backups you create are .zip so I suspect just copying the .agilekeychain file when it changes is not safe. I was planning to have a folder watch that copied all .zip files.
So I can do this:
- Create a symlink (/Users/myname/1Password_Backups -> /Users/myname/Library/Containers/etc./Backups)
- Have Hazel watch that symlink'd dir.
I tested this solution and it works. I'm just wondering if I've opened up some hideous security hole.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Making the Library folder visible fixed this - no symlink needed.
http://www.macworld.com/article/2057221/how-to-view-the-library-folder-in-mavericks.html
0 -
Hi @raindog308,
I'm glad to hear you were able to make that process a bit easier by making the Library folder visible! If you want to automatically have your 1Password backup files backed up to another location, your solution of using Hazel to do that is certainly a good one. Please also keep in mind that if you make full backups of your Mac (using Time Machine, or other backup tools), your 1Password backups should be included in those, too.
To address a couple other things you mentioned:
When I look in the Dropbox folder for my vault, I see it's an .agilekeychain file, while the backups you create are .zip so I suspect just copying the .agilekeychain file when it changes is not safe. I was planning to have a folder watch that copied all .zip files.
You can certainly make additional copies of the .agilekeychain sync file in Dropbox if you want to. However, it's better to use the .1p4_zip backup files for a couple reasons. First, a .1p4_zip backup file contains a backup of all the vaults you have in 1Password on that Mac, whereas the .agilekeychain sync file only has the data from a single vault.
Second, backups (such as .1p4_zip files) are copies of your data that are stored in a safe place and are unchanging. An .agilekeychain file is used to sync your data, so it's constantly changing and shouldn't be thought of as a "backup" (although it could be used to restore your data if necessary).
I'm just wondering if I've opened up some hideous security hole.
No, not at all! Your 1Password vaults are stored internally in a SQL database file on your Mac, and the .1p4_zip backup files are basically just zipped copies of that database. So, those backup files are just as secure as your regular 1Password database - even if someone were to get a copy of one of those backup files, they wouldn't be able to access the data stored in it without your master password.
Hopefully you're all set, but if you have more questions or need anything else, just let us know - we're always happy to help! :)
0 -
Thanks for the detailed response - awesome.
I probably sound paranoid but losing my password vault would really, really suck so keeping many (encrypted, versioned) backups gives me peace of mind :)
0 -
Greetings @raindog308,
Paranoid? not in the slightest! many of us keep so much data in our own vaults that the loss of the vault would be crippling. I supply unique email addresses to each site I use so if I were to lose my vault I can't even use password recovery, I think I'd probably be in a catatonic state should that happen.
0
