1Password vs. iCloud Drive vs. FileVault whole disk encryption on macOS Sierra

neville
neville
Community Member
in Mac

I am running 1Password v. 6.5.1 on my MacBook Pro (late 2016) and MacMini (late 2014). I keep the 2 in sync by having them share the same 1Password Primary vault via a folder that lives on my iCloud Drive. Path is iCloud Drive > 1PasswordSynch > 1Password.opvault

Everything was working fine until I enabled FileVault encryption on my MacBookPro. Now, changes made to items (edits or new adds) on my MacBookPro do not show up on my MacMini, even though the UI on the MacMini states that the 1Password vault file was synced moments earlier, and well after I saved edits from my MacBookPro.

Does 1Password file-based sync not work with FileVault?

How can I get my 2 machines synching agin?

1Password Version: 6.5.1
Extension Version: Not Provided
OS Version: 10.12.1
Sync Type: iCloud Drive

Comments

  • Drew_AG
    Drew_AG
    1Password Alumni

    Hi @neville,

    Sorry to hear your 1Password changes aren't syncing correctly after enabling FileVault!

    With or without FileVault enabled, unfortunately iCloud Drive isn't a good option for syncing 1Password data. That's because your sync file (.agilekeychain or .opvault) is actually a folder bundle on a Mac, and iCloud Drive doesn't always reliably detect changes to Mac's folder bundles. It's possible that enabling FileVault somehow triggered that, but it might still be a problem even if you disabled FileVault again.

    This is one of the reasons the iCloud option in the 1Password sync settings uses Apple's CloudKit technology instead of iCloud Drive (CloudKit and iCloud Drive are different features of Apple's iCloud service). Is there a reason you're using the Folder sync option with iCloud Drive instead of using the actual iCloud option in 1Password? If not, you should switch from 'Folder' to 'iCloud' in the sync settings in 1Password on each Mac. That should ensure your data syncs correctly. But if you have any questions about that, please let us know! :)

  • neville
    neville
    Community Member

    Hi Drew -- Thank you for the information. After reading your response, I went back to the MacMini (where 1P was showing the older version of the data), opened the iCloud Drive folder in the Finder, and double-clicked the vault file (icon) to launch 1P. iCloud put up an alert letting me know that the local file on my MacMini was out of synch with what was on iCloud, and gave me a choice of 2 versions to keep. I chose the newest one, and now the MacMini 1P data is back in synch with the MacBookPro copy.

    So far, so good!

    However...

    I also use 1P on Win10. Right now, I am accessing the 1P vault on Win10 via iCloud Drive as well, after installing Apple's iCloud extension for Win10.

    I'm not averse to using Dropbox to synch across all devices however.

    So, next questions:

    1) How does handling of the 1P vault differ between using iCloud Drive and Dropbox. Is it still a file package? If so, does Dropbox do any better with managing the updates than iCloud Drive would?

    2) Is the 1P vault (or any updates) encrypted by 1P before being pushed to Dropbox? (I do not want unencrypted data being pushed to any cloud services.)

    3) Does using Dropbox to share across platforms/devices work OK with FileVault on the Mac?

    4) In general, would using Dropbox to share across devices be more reliable than iCloud Drive?

    Thanks for your help!

  • Drew_AG
    Drew_AG
    1Password Alumni

    Hi @neville,

    That's interesting - thanks for letting us know what happened with the 1Password sync file in iCloud Drive! I'm glad the sync is working again. You're welcome to continue syncing that way as long as it's working for you, but keep in mind there's a possibility that you'll run into problems with that setup at some point.

    To answer your questions:

    1) How does handling of the 1P vault differ between using iCloud Drive and Dropbox. Is it still a file package? If so, does Dropbox do any better with managing the updates than iCloud Drive would?

    The sync file in Dropbox would be the same kind you currently have in iCloud Drive (a .opvault bundle). Assuming there are still potential problems with iCloud Drive detecting changes to Mac folder bundles, Dropbox will be a more reliable sync option. (Unfortunately, 1Password doesn't support syncing via CloudKit on Windows - otherwise that would also be a reliable option for you.)

    2) Is the 1P vault (or any updates) encrypted by 1P before being pushed to Dropbox? (I do not want unencrypted data being pushed to any cloud services.)

    1Password is secure by design and your 1Password data is end-to-end encrypted, which means it is encrypted on your device and remains encrypted when syncing. So, 1Password simply doesn't depend on the security of the cloud sync service to protect your data.

    Your data file is encrypted with an exceedingly secure encryption algorithm called AES, and even if someone were to acquire a copy of your 1Password data file, it would be extremely difficult (approaching impossible in a human lifetime) for them to actually gain access to your passwords without your master password. We have more information here: How 1Password protects your data when you use a sync service

    3) Does using Dropbox to share across platforms/devices work OK with FileVault on the Mac?

    Definitely! That won't be a problem at all.

    4) In general, would using Dropbox to share across devices be more reliable than iCloud Drive?

    As far as syncing your 1Password data, yes.

    We're here for you if you have more questions about that! :)

This discussion has been closed.