Syncing method clarification (forced change)
Hi,
Happy long time user of 1password! I currently use it on a macbook pro in os x (el cap, v_6.5.3) and bootcamp windows (10 v_4) along with an iphone (ios 10 v_most recent version). I've used Dropbox to sync data up to this point. I keep clients info in individual vaults which works well but recently have had two clients require passwords/keys etc. not be used with a cloud service. Kind of a bummer but need to honor their wishes.
So, I spend the vast majority of time in OS X and iOS. I do need that data in windows as well though. Could I set 1password in mac to sync each vault to a folder to access from windows? It appears that 1password will not be able to access the vaults due to read only attribute from windows. Has that changed? Could I use a third party driver (paragon) to enable read/write to the sync folder to read the info from windows installation?
Last, I need to sync the info with my iphone as well. Can I sync to a folder and use wlan for the iphone? My vaults appear to be a mix of opvault (newer) and agilekeychain. Should I convert all to opvault prior to using these methods (if they're an option)?
1Password Version: 6.5.3
Extension Version: Not Provided
OS Version: 10.11
Sync Type: dropbox
Comments
-
Hi @farmer,
Wow, that's an interesting scenario. I'm a little puzzled about one part of what you've said though. You said...
It appears that 1password will not be able to access the vaults due to read only attribute from windows.
You said you're using v4 of 1Password, so I'm not sure why we'd be dealing with read-only attributes. 1Password 6 for windows can (currently) only do read access to agilekeychain/opvault, but v4 should be fine.
Now to try to get back to your actual issue at hand...
My first instinct is to actually try to convince them that the "not to be used with a cloud service" should be reconsidered. I'm not sure which arguments you've used, if any. Obviously people don't want their credentials stored on a cloud service in unencrypted form. But 1Password's data formats are encrypted. 1Password Teams' addition of the Account Key adds even more security there, and so it may be worth considering that approach.
But if we're going to assume no Teams, no Cloud... I think the solution you've come up with is about as good as you'll manage. It won't quite be as nice though.
To do the Mac <-> Windows sync, you'd want to use 1Password 4 on windows and Folder Sync on Mac, along with a non-cloud folder sync solution. These don't offer the best experience in 1Password, but should work in general.
Where it'll get a little ugly is Mac <-> iOS. To do Wi-Fi sync of those vaults, you would need to also do Wi-Fi sync of your Primary vault. If you're willing to do that, then it should work. If you're not, then I'm not sure how you'll get those vaults onto your iOS devices.
This would be a rather complex situation. I'm hopeful that it can work, but I really think it's worth trying to find a way of doing this in a more simple way which would require storage of the encrypted data on a server.
Rick
0 -
Rick
Thanks for the quick reply! I mentioned most of the arguments you listed, unfortunately I'm an outside consultant and while I have a great relationship with the organization it's really not my place to push internal decision making ;) . I've been syncing their data via dropbox for years, it's a new policy. I wouldn't bother but given the amount of work I do for them it's worth the hassle.
It appears that 1password will not be able to access the vaults due to read only attribute from windows.`>
Sorry if I wasn't clear. If I used 1P to sync to folder with my mac, browsing that folder from the windows installation via bootcamp would provide read only access to the sync folder due to the hfs+ driver included with bootcamp install from apple. That is why I asked about using a 3rd party driver (like Paragon). The reason I asked this is b/c I read through forums for this scenario and found a discussion where another bootcamp user tried to access sync folder from windows and 1P v4/windows could not access it due to read only access. An agilebits employee mentioned the application actually checks for read only and throws an error if that is the case.
You said you're using v4 of 1Password, so I'm not sure why we'd be dealing with read-only attributes. 1Password 6 for windows can (currently) only do read access to agilekeychain/opvault, but v4 should be fine.>
Interesting, I thought v6 was 1Password Accounts only. I only need read capability from the windows install anyway. Could I upgrade to v6 and use it as a stand alone read only viewer? Would browser extensions function correctly in this scenario? If v4 will do read only now that is fine as well.
It won't quite be as nice though>
How so? I realize it's more cumbersome but will it be more prone to sync/data integrity issues?
Where it'll get a little ugly is Mac <-> iOS. To do Wi-Fi sync of those vaults, you would need to also do Wi-Fi sync of your Primary vault. If you're willing to do that, then it should work. If you're not, then I'm not sure how you'll get those vaults onto your iOS devices.>
Again, define ugly? Scaring me a little :) . Currently if I try to enable wifi sync the primary vault is greyed out i.e. I can't uncheck it. I assume that is b/c it is currently synced w/ dropbox? Or is it b/c it's still agile keychain format?
0 -
If I used 1P to sync to folder with my mac, browsing that folder from the windows installation via bootcamp would provide read only access to the sync folder due to the hfs+ driver included with bootcamp install from apple .
Gotcha, I must have missed the bootcamp + hfs+ thing. I assumed physical machine + NAS storage.
An agilebits employee mentioned the application actually checks for read only and throws an error if that is the case.
Yea the app probably barks in that case.
I thought v6 was 1Password Accounts only .. Could I upgrade to v6 and use it as a stand alone read only viewer?
v6 has readonly access to agilekeychain and opvault, but requires that an account be setup. It may work for what you're looking to do here and might be worth a try.
I realize it's more cumbersome but will it be more prone to sync/data integrity issues?
I wouldn't be giving you options that would put your data at risk. :) When I say "ugly" I mean more that either it won't sync as seamlessly or otherwise won't be an optimum experience.
The ugliness I was referring to is mostly that you'd have to switch your Primary vault to syncing via Wi-Fi to your iOS device. Wi-Fi sync only works correctly when both apps are unlocked while on the same network, so it's just not as nice of an experience.
The reason that the Primary vault shows up greyed out is that it's unconditional with Wi-Fi sync. Any device that you're syncing via Wi-Fi needs to have the Primary vault syncing as well. So that means that you can't sync only the secondary vaults via Wi-Fi.
Rick
0 -
v6 has readonly access to agilekeychain and opvault, but requires that an account be setup. It may work for what you're looking to do here and might be worth a try.>
If v6 requires an account are you saying I would pay account fee and just use it as a viewer in windows? Or is there a way to download v6 and just use it as a viewer? v6 is not available for standalone purchase at this time correct?
At this point my usage of windows via bootcamp is decreasing. I may just keep a copy there and just use wifi sync between mac and iPhone. Clarification about folder sync, does 1P sync a copy of the vault/db to the sync folder or is the vault/db moved to that folder for access by multiple installs?
Last, my vaults are a mixture of agilekeychain and opvault. Is there a preferred format at this point? Some of them are really old.
Thanks again!
0 -
v6 isn't available as a standalone purchase, and as far as i can recall the only way to use v6 to read agilekeychain/opvault is to sign up for a 1Password.com subscription and then access those vault files as read-only. The intent there was to provide a pathway for migration from standalone to the subscription.
The agilekeychain/opvault files aren't the primary storage for your data, they're simply an intermediary for getting your data from one install of 1Password to another. The data itself lives in a sqlite file inside of your ~/Library directory (depending on which version of 1Password you're using the path is different).
Unless you need to sync your data with old versions of 1Password your best option is to use opvault.
Rudy
0
