Syncing a vault to a network volume results in strange behaviors of 1Password and Mac OS as a whole

abias

Hi,

I have read through multiple threads about syncing a vault to a network volume before, but I have not found a solution to my specific problem. If this thread turns out to be a duplicate, please just point me to the right thread.

Furthermore, I am aware that syncing a vault to a network volume is discouraged. However, we have to use this approach due to internal data protection reasons (which mandate storing password only on internal systems, even if they are stored in an encrypted format) and generally it works like a charm for us - except this problem which I describe here now.

In our setup, we have a local Mac OS server which provides an AFP network volume for our less than 10 Mac OS clients. On the AFP network volume, there are multiple 1Password vault files. Each of the Mac OS clients is configured to mount the AFP network volume and the 1Password application is configured to sync the local 1Password vaults with the vault files stored on the network volume.

This works like a charm as long as the Mac OS client can reach the Mac OS server over the network. However, some of the Mac OS clients are Macbooks which might also be used (by design) in foreign networks where they can't reach the Mac OS server or without any network connectivity. In this case, i.e. if the client can't reach the Mac OS server, strange things start to happen:

1. During normal work - and without opening the full 1Password application and only with having 1Password mini running in the background - the Mac OS finder tells the user approx. every single minute that the AFP network folder can't be reached by showing a warning dialogue:
   
   (sorry for the german language, I don't have this dialogue in english).
   As this warning dialogue catches the focus, it directly interrupts every work until it is confirmed.
   If 1Password mini is disabled and the full 1Password is not open, this message does not appear.
   If 1Password mini is disabled and the full 1Password is open, this message does also appear.
   So, I can conclude that it is directly connected to 1Password.

2. When opening the full 1Password application, the user might have to wait for a 60-90 seconds timeout, seing just a progress bar during this time. Afterwards, 1Password closes. When opening it one more time, it opens and can be used as expected.

3. When opening the full 1Password application, it might also happen that it simply does not accept the master key anymore, even if it is entered 100% correctly. The user has to wait several minutes until 1Password accepts the master key again and 1Password can be opened.

4. The 1Password extension in Chrome might stop working, passwords simply cannot be inserted into the browser anymore until the browser is restarted.

5. The Mac OS finder sometimes stops working, finder windows cannot be opened or worked with anymore until the finder process or the whole computer is restarted.

6. Within its configuration, 1Password pretends that the vaults are to be configured no to be synced anywhere.

These things don't happen at the same time and also don't happen everytime a Mac OS client looses connectivity to the Mac OS server. However, these are all real things we have encountered.

Once more, I am fully aware that syncing a vault to a network volume is discouraged. And I fully acknowledge that you can't fix every problem with that syncing strategy. But I don't think that the whole Mac OS system needs to fail that badly when 1Password can't reach a network volume.

That's why I would like to propose these three simple improvements for 1Password setups where a local vault is configured to be synced to a network volume:

1. Check if the network volume is reachable / pingable before trying to sync the vault file from the network volume. This should hopefully solve problem no. 1.

2. If the network volume is not reachable / pingable, just accept this fact within 1Password and 1Password mini. Keep the current local copy of the vault and work with it. Don't let the user wait for minute-long timeouts. Don't break functionality just because a vault can't be synced. This should hopefully solve problem no. 2 to 5.

3. Don't pretend within the configuration that the synchronization to a network volume does not exist. Just inform the user about the current status of the synchronization and warn him about missing syncs after a reasonable time, just like Time machine does. This should hopefully solve problem no. 6.

I would be really appreciate if you could dig somehow into these problems and solve them for network volume synchronizations. After all, I wonder why these problems happen at all as there might also be situations with other syncing technologies like Dropbox or iCloud when the client can't reach the syncing target.

Thanks,
Alex

---

1Password Version: 6.8.9 (6890001)
Extension Version: Not Provided
OS Version: Mac OS X 10.11.6 or newer
Sync Type: Not Provided

Lars

@abias - thank you sincerely for the thoughtful post.

I am aware that syncing a vault to a network volume is discouraged.

This is really the sole relevant piece of it, however: we cannot offer support of any kind for network volume syncing. That's not to say it can never work, just that we can't support it or help you troubleshoot it; the problems you're currently having are only a slice of the multitude of issues that can present themselves when you try to use Folder Sync to a network volume.