To protect your privacy: email us with billing or account questions instead of posting here.

Offline copy/cache of 1Password.com account data

Comments

  • iceout
    iceout
    Community Member

    @ssoroka I am looking to clarify or verify the answer you provided in this thread.

    The q/a is next then I will ask my question

    Does `1Password subscription keep a complete copy of 1Password data on each device for offline access?

    Yes, 100%. If your device has internet access, it will keep up to date.

    Under a subscription, will I be able to use 1Password Mac to save a backup of my data (like the 1Password xxx.1p4_zip files I currently create with "legacy" Mac App Store 1Password), and will I be able to restore 1Password from that backup? In other words, can I still keep my own, restorable backups of my data? Does the subscription service rely solely on 1Password.com for data backup?

    Currently we manage backups for you. We do them frequently and store them encrypted (on top of your existing encryption). Ideally you shouldn't ever have to do a backup of your own, however if you would still like to, you can select the account and go to File > Export to create an unencrypted local backup. The only caveat to this is that as of today, Feb 27, 2017, document items are not included in this backup as we changed how they are handled in subscription accounts. I expect this will be remedied soon.

    Your answer to the first question indicated that when using the subscription model that an offline version of the database is kept so you can still access your vault when not online. The answer to the second question indicated that it is not possible to use the macOS version of the app to then get a local backup copy of that vault as is done when not using the subscription model.

    My new question is: It seems like if I do still have an offline copy of the vault I should be able to back it up. Is this just not the way it will work when using the subscription model? If i did want to back up the vault you commented that it would be an unencrypted version of the vault and that just seems crazy.

    Looking forward to your reply.

    Thank You.

  • Hi @iceout,

    So there are a few different things at play here.

    1. Local cache. Every time you sign into your 1Password account using one of our apps, if you have internet access, the app caches a copy of your data on the device. This protects against things like the 1Password service being unavailable or your device being unable to access the internet.
    2. Online backups. The server keeps automatic backups as well as item history. This protects against "oopses." Oops I deleted Item A and I meant to delete Item B. Oops I changed the password on Item C but didn't mean to. These sorts of things are protected against by online backups.
    3. "Local backups." These do not exist. I'd be curious to hear what sort of scenario you can imagine where this would help, and the above would not.
    4. Local export. It is possible to export your data (sans-Documents) to a 1PIF ("1Password Interchange File") file. This is not really intended as a backup, but I suppose could be used (very carefully) as one. Definitely not recommended unless you are comfortable setting up your own encrypted container to house this file. The primary purpose of the 1PIF is as an export format, not a backup.

    I hope that helps. Please let me know. :)

    Ben

  • iceout
    iceout
    Community Member

    Hi @Ben

    Thanks for the reply.

    Couple thoughts and comments.

    So once I go offline does my local cache get encrypted or is the local cache always encrypted etc.? Is this local cache not saved as a vault for access when I am offline?

    The reason I want a solution for a local encrypted backup is that a Solid backup strategy in my world is not to just use a cloud solution that I have no control and or method of validation for that my data is actually backed up and available in and from multiple locations to prevent a complete data loss in the event of a major hardware failure and or natural disaster.

    I realize the documented solution that you are using with AWS and Availability Zones etc. is a good one but I would never know or have any way of knowing when there is a point of failure or complete loss until it is too late.

    What if my cache is cleared somehow and I am not able to get back online? I would need a local backup in this scenario as well.

    Many scenarios, all not entirely likely but that doesn't mean they can be ignored as reasons a local backup is necessary.

    Thank You

  • danco
    danco
    Volunteer Moderator

    Though 1PW does not do local backups with the subscription model, I assume (but have no detailed knowledge) it is possible to backup the cache using any suitable file copy process of your choice. Even cache flies should be available for such a procedure.

  • Hi @iceout - The local cache is always encrypted on disk. It's a cache of all the vaults, and it's stored in a database similar to the standalone licenses, but with few changes. With our new accounts, we don't have an option to create local backups since we take care of this on our end. However, we do appreciate the feedback and for letting us know this is something you're interested in seeing in the future. :+1:

  • iceout
    iceout
    Community Member

    @Ben @Frank I am revisiting this conversation to see if there has been any new updates from your internal teams on reconsidering the ability to have a local backup option available even when using the new Account model?

    As we have all seen there are many scenarios where things can go terribly wrong in the cloud when someone issues the wrong command.

  • Ben
    Ben
    edited June 2017

    @iceout,

    Other than the local cache that is already available I'm not aware of any plans for a local backup for 1Password.com accounts. Additionally you can currently export your data to an unencrypted export file, and then make an encrypted backup of that.

    where things can go terribly wrong in the cloud when someone issues the wrong command.

    This problem isn't unique to "the cloud." :) The difference is that we have a fair bit more redundancy built in than the average consumer.

    Ben

  • iceout
    iceout
    Community Member

    Thanks for the reply @Ben It seems like this will be a fundamental design flaw. Relying 100% on a third party to ensure my data is safe from being deleted by accident is unacceptable in my opinion. And a suggestion that I can export my data to an unencrypted file and then need to encrypt it myself seems to be another flaw. I will need to visit the other posts to find out if there is more info on when the local version of your software is going away so I can try to find another solution before then. I will not be able to use this product once the Account model is the only model available unless there is a change to how I am able to backup my vault locally.

  • Ben
    Ben
    edited June 2017

    Relying 100% on a third party to ensure my data is safe from being deleted by accident is unacceptable in my opinion.

    But you're not. There is a local cache of your data on each of your devices.

    I will need to visit the other posts to find out if there is more info on when the local version of your software is going away

    You won't find any such post as there are no such plans. When you license a standalone version of 1Password you're able to continue using it for as long as it works for you.

    Ben

  • iceout
    iceout
    Community Member

    @Ben A local cache does not help me if my hard drive fails.

    Happy to hear I will be able to continue using the standalone version. I will be happy as long as I can continue to use it.

    Thank You

  • A local cache does not help me if my hard drive fails.

    At the same time the data is somehow miraculously deleted from our servers and backups as well? :)

    I think when implementing a solution it is important to look at the realistic threats.

    Happy to hear I will be able to continue using the standalone version. I will be happy as long as I can continue to use it.

    :+1: :)

    Ben

  • iceout
    iceout
    Community Member

    They are not your servers that is another part of the problem, they are Amazons servers.

    Just because a scenario does not happen everyday does not mean it should not be planned for. That is why Catastrophic Failure needs to be planned for.

    I disagree with Agile Bits path on this, that's all. No need for the jabs @ben .

  • Fair enough. You should use whatever solution you're most comfortable with. But I stand by my assessment that you're reaching pretty far here.

    Ben

  • iceout
    iceout
    Community Member

    @Ben your lack of understanding on why someone would want to maintain local control of an encrypted vault backup is baffling to me.

  • @iceout That already exists in the form of the local cache (which you could back up via Time Machine or similar).

    Ben

  • iceout
    iceout
    Community Member

    @ben ok so this is new, maybe my bad assuming since it is a cache that a backup of it would not be restorable. I am of the understanding I could not select restore from backup in a new install and point to a local cache backup to achieve that. Do you have more info on the process you are referring to?

  • @iceout

    It isn't intended to work like that, and as such there is no interface for doing it, but if you were to restore a Time Machine backup of your computer to a new computer -- your 1Password data would be there. Try it, if you want. Restore a Time Machine backup, disconnect from the Internet, and then see if you can unlock 1Password without being able to connect to the 1Password.com servers. It'll work.

    Ben

  • iceout
    iceout
    Community Member

    I will check it out but please put in a feature request to save an encrypted version of my vault locally when using account model. I must be the only one who wants it so it won't happen. But at least I will know my request was filed in the proper trash bin. @Ben

  • If you aren't satisfied with the offline capabilities the local cache provides you could also copy your information to a standalone vault at regular intervals.

    It is unlikely at this point that we'll be doing more in this area. It is something we've talked about considerably. You certainly aren't the only one to have this request. But because of the model with 1Password.com where the service is the "source of truth" having a client suddenly say "no, I'm the source of truth" (in the case of restoring a local backup) is incredibly tricky. And as I mentioned with the redundancy we have built in (both locally on your site and off-site on our service)... It would provide little actual value in our eyes.

    Ben

This discussion has been closed.