Support for local vaults?

ketralnis
Community Member

I see "To use 1Password, you need a 1Password membership" (https://support.1password.com/cs/getting-started-linux/), are you planning on building support for local vaults via regular software licences?

I'm a long-time 1Password user that's paid for many upgrades over the years, but I don't ever want my vault stored on someone else's server or tied to somebody else's business or deprecation whims. Running fully locally is very important to me, and with the Mac client I'm able to do this.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Linux
Sync Type: local


Comments

  • Hi @ketralnis

    Membership is the way forward with 1Password. There is just so much more that we can offer there than with standalone vaults synced with 3rd party services (or not synced at all). At this time we do not plan to add support for licenses or standalone vaults to 1Password for Linux.

    That said we'd be happy to try to address any concerns with syncing your encrypted data with 1Password.com, if that's a conversation you're interested in having. :)

    Thanks!

    Ben

  • tomgibson
    Community Member

    For me standalone vault would be useful because there are some passwords I don't want to sync to all of my connected computers, for example I don't want my bank passwords synced to my work laptop. No problem with the subscription model, but please consider standalone vaults for use cases such as the above.

  • Thanks @tomgibson. We'll continue to brainstorm about how we might address that problem.

    Ben

  • Deadpan
    Community Member

    Local vaults would fix that problem.

    I've been waiting for 1Password for Linux to come out for years, and was about to give up - I have started migrating to another system instead.

    I saw this and thought "finally, I can go back to 1Pass and ditch the other system" - at least until you said you wouldn't support local vaults.

    It's not that I don't trust you guys, I do... But I'll never put my password database into a cloud service that I don't totally control. If that means I have to stop using your system, then that's what I'll have to do. I don't want to, though... So I really hope you add back in local vault support.

  • Hi @Deadpan :)

    Thanks for checking out the preview.

    Local vaults would fix that problem.

    That's not a solution that is going to be viable at this point.

    But I'll never put my password database into a cloud service that I don't totally control. If that means I have to stop using your system, then that's what I'll have to do.

    If that's absolutely a non-starter for you then unfortunately I don't think 1Password is going to be a good solution for you going forward. Membership is the path that we're on and that's likely to be true for the foreseeable future. That said I'd encourage you to read up on our security model before making that determination. I used to think the same way you do, but we've built a model that provides a level of security comparable with that of local vaults. The Secret Key is a big component of that.

    Thanks for considering.

    Ben

  • roustem
    edited August 2020

    It would be really difficult to support old-style local vault files.

    One potential workaround could be to run a Docker container that provides 1Password.com service locally. I am not sure how many people would be interested in that, it would require a bit of technical knowledge.

    Let me know if this is something that might work for you and if enough people are interested, I could get a Docker image ready.

  • lumarel
    Community Member
    edited August 2020

    If I'm allowed to write something about this as well.

    I was really concerned about the closed infrastructure of the 1Password subscription as well (until I moved there because the Dropbox service got so horrible for my "less secure" vaults).

    I would definitely be on the train if there is a possibility (for all platforms, not only Linux) to host the service on my own.
    Yes, of course you, the 1Password team, are always in control of this locally hosted cloud service, but if you can assure that the data is only hosted on the self-hosted infrastructure (and can't be moved/copied elsewhere), this would definitely be a step in the direction where local databases aren't needed any more.

    There is only one more problem, which is... what if the cloud service does not work anymore? Because of internet outages, expired certificates, or some other thing I can't think of right now. (In the case the local cache is not up to date ^^)
    With the opvault vaults I always have multiple ways to recover my data; even if Windows (or the Windows application) is broken, it is "kind of easy" to decipher the vault with a self-written (or open-source and trustworthy) script.
    It is also snapshot-able to the hell, as it can be put on any filesystem which supports that. There is never the possibility to lose any of the data.
    For some weeks already (since I changed to the subscription), I'm searching for a solution to back up my passwords securely, externally (on my own hardware), automatically.

    Nevertheless, the locally hosted cloud service would further help to promote 1Password at the company where I work (as I think of it) :)

  • mdaniel
    Community Member

    One potential workaround could be to run a Docker container that provides 1Password.com service locally. I am not sure how many people would be interested in that, it would require a bit of technical knowledge.

    I would be strongly interested in that

  • MikeT
    edited August 2020

    Hi guys,

    @lumarel

    There is only one more problem, which is... what if the cloud service does not work anymore? because of internet outages, expired certificates, or some other thing I can't think of right now. (in the case the local cache is not up to date ^^)

    You will never be locked out of your 1Password data (with the tiny exception of Documents, mentioned below; that's just for the moment and will be better in the future).

    You'd have the same issue with standalone vaults that you're syncing via third party services like Dropbox. Regardless of self-hosted, hosted, standalone or any form of 1Password, 1Password is never in a position where your 1Password data is decrypted outside of your device, which means the majority of the data has to be downloaded first in an encrypted fashion onto your drive. You can be fully offline and it still works just fine.

    The only limitation is the documents since it is downloaded on demand (to save on the initial sync time) and it is something we'll improve in the future to allow you to automatically download all documents at once to ensure you'll have access to all data on your device regardless of what happens to 1Password.

    With the opvault vaults I always have multiple ways to recover my data, even if windows (or the windows application) is broken, it is "kind of easy" to decipher the vault with a self-written (or open-source and trustworthy) script.

    The same is true with your 1Password account. You can write your own script or study our 1Password command line tool to decrypt the local database on your drive. On Linux, go to your ~/.config/1Password directory to find the sqlite file for your 1Password database, just as for the Windows app it is %LOCALAPPDATA%\1Password\data.

    It is also snapshot-able to the hell, as it can be put on any filesystem which supports that. There is never the possibility to loose any of the data.

    Same with that 1Password database file. We just don't recommend backing up that directory as long as you still have access to your 1Password account remotely, so that it doesn't conflict with syncing; let 1Password handle the source of truth. Only restore it as a very last resort.

  • lumarel
    Community Member

    Thank you @MikeT for this quite distinct answer!

    You'd have the same issue with standalone vaults that you're syncing via third party services like Dropbox.

    Yes, this is correct. Self-hosted is a different story :)

    Regardless of self-hosted, hosted, standalone or any form of 1Password, 1Password is never in a position where your 1Password data is decrypted outside of your device [...]

    I had a really detailed discussion some weeks ago about the whole "what AgileBits knows about my vault" topic, and I'm completely sure that there is absolutely no way that somebody else, who doesn't have the master password (as well as the secret key or a device with an established connection), could access the data.
    There is just some data which some people don't want to give out of their hands / out of their own infrastructure :(

    I totally forgot about the caching model for documents, thank you for reminding me about that!

    You can write your own script or study our 1Password command line tool to decrypt the local database on your drive.

    And thanks for that suggestion,
    I didn't try to decrypt the sqlite database file up to now, will have to give that a shot :+1: :chuffed: (the last time I tried to decrypt a sqlite database I somehow immediately ran against a wall, but I didn't have a valid key there)
    Do I understand this correctly, that the command line tool also uses the exact same database? (And does it understand all of them, even if there is a schema change, as the Windows version had one recently?) That would make it the always-rescuing, dependency-less Swiss knife :fearful:

    Same with that 1Password database file. We just don't recommend you backing up that directory as long as you still have access to your 1Password account remotely, so that 1Password doesn't conflict with syncing, let 1Password handle the source of the truth. Only restore it in a very-last resort measure.

    You're definitely right, it should always only be the last solution.
    E.g. in case you deleted an item, noticed a month later that you still need it and yeah... already emptied the waste bin :unamused:
    That's the case where a last solution would be needed :chuffed:

  • Just wanted to jump in quick on this point:

    For already some weeks (since I changed to the subscription), I'm searching for a solution to backup my passwords securely, externally (on my own hardware), automatically.

    In the development preview we included an export feature. We've always tried our best to make sure nobody would be locked into 1Password, so export itself is nothing new for 1Password, but this particular one is new and improved and lays the groundwork for us to build further upon in the future.

    The exported data is unencrypted so you'll need to find a way to protect the data once you take it out of 1Password but it might suit your needs. Longer term we plan on having an option to encrypt the exported data using a format that is completely documented and include a reference reader implementation (likely in Rust) that you can use to decrypt the data.

    This is something @jpgoldberg and @ag_Christian have been designing and implementing. They'll be excited to hear you'll be using this feature.

  • mdaniel
    Community Member

    On Linux, go to your ~/.config/1Password directory to find the sqlite file for your 1Password database just as for Windows app is %LOCALAPPDATA%\1Password\data.

    Are there plans on documenting that file, like its .opvault friend? I thought I recalled seeing opdata01 serialized inside the file from back when 1P.com first came out, but the file from a few minutes ago has about 4 json encoding layers before reaching a structure with keys like ["cty", "kid", "enc", "iv", "data"]

  • mdaniel
    Community Member

    Longer term we plan on having an option to encrypt the exported data using a format that is completely documented and include a reference reader implementation (likely in Rust) that you can use to decrypt the data.

    Merely for your consideration, if you were to choose your own opvault format for the encrypted export, that would do 3 awesome things:

    1. use a format that you already know, has presumably already been security vetted, and is currently documented well enough that people on the Internet can code up a reader for it
    2. if you do end up making a rust reader for it, which would presumably be open source, that would be two independent open source readers for the opvault format -- the more reader implementations, the more likely spec bugs will be found
    3. it would enable a small, but probably non-zero, percentage of your audience to go back to the standalone version of 1Password without having to completely leave the 1Password ecosystem

  • @mdaniel,

    Are there plans on documenting that file, like its .opvault friend?

    Not the database file that I mentioned but rather a new format that's based on what we're doing with the new export format that Dave just mentioned. There is a reason why but first the plan is to fully document the new export format along with a reader you can use like Dave just said.

    The reason is that our application database contains device settings and other non-user stuff that doesn't need to be in the exported data, especially since they may contain application-version-specific database schemas that may not be backward/forward compatible. In other words, you shouldn't worry about which version of 1Password app to use with a specific snapshot of the database and we're doing that with the new export format and its own tool to read the data regardless of when it was created.

    if you were to choose your own opvault format for the encrypted export, that would do 3 awesome things:

    Yes, that is mostly the plan but this will be its own export format that'll evolve with its own tool that folks can use outside of 1Password. We're not saying it will be anything like OPVault but as you own the data, you can do whatever you wish with it.

  • lumarel
    Community Member

    Thank you for this deeper insight into the future development @dteare
    Also thank you @MikeT that you are (maybe once again) going through such a heated discussion ^^

    [...] Longer term we plan on having an option to encrypt the exported data using a format that is completely documented and include a reference reader implementation (likely in Rust) that you can use to decrypt the data.

    I kind of think this is the solution I was searching for the whole time :chuffed:

    Of course this will take its time until we will be able to use it, but if the design is secure and as usable as you say, it will definitely be worth it :+1:

  • @lumarel,

    Also thank you @MikeT that you are (maybe once again) going through such a heated discussion ^^

    All I see is passion from everyone to help improve 1Password. :smile:

    Of course this will take its time until we will be able to use it, but if the design is secure and as usable as you say, it will definitely be worth it :+1:

    :+1: Yep. We've got a lot of things going on and 1Password for Linux is just the beginning; it is a piece of a big picture. It's going to be a wild ride. :smile:

  • Tran
    Community Member

    I just switched to using Ubuntu. I was hoping for offline, local vaults too. But as per this thread, no :(

    I do have a workaround: use a virtual machine.

    Download VMware Workstation (free for non-commercial use).

    Install Windows. And then install VMware Tools so you can copy and paste between the host (Linux) and guest (Windows) machine.

    I use Syncthing to sync the 1Password vault between the host and guest machine.

    PS: this solution may sound overkill but I do need to use other Windows software as well ;)

  • MikeT
    edited August 2020

    Hey @Tran,

    No such thing as overkill when it does exactly what you need.

    By the way, you don't have to use VMware Workstation, most Linux distros usually come with KVM built in. You can use Virtual Machine Manager or a simpler version, GNOME Boxes. I recommend the former as it gives you more options.

    I bring this up since VMware uses kernel modules, meaning that you have to wait for them to compile a new version for each new kernel version, and you don't have to with KVM.

    Also, you could share a common folder between the host / VM instead of using a sync tool.

  • steffann
    Community Member

    One potential workaround could be to run a Docker container that provides 1Password.com service locally. I am not sure how many people would be interested in that, it would require a bit of technical knowledge.

    That would be interesting. One of my customers has a requirement for a self-hosted password store with synced copies on laptops (it's an ISP, so access to the passwords must be available during a network outage :) )

  • @steffann: please keep in mind that 1Password caches your items locally so you always have access to your data. We primarily did this for performance reasons, but improved availability was a nice benefit, too. 🙂

  • steffann
    Community Member

    I know. On-site server and client cache are two separate requirements :)

  • Understood. :) I think Dave was just making sure you were aware that this part is already baked in:

    so access to the passwords must be available during a network outage

    We'll absolutely be taking another look at how we might address the other needs here. :+1:

    Ben

  • Deadpan
    Community Member

    I'll say it again... Offline vaults.

    I'll happily pay you more money for a new licence if you give me offline vaults.

  • Hey @Deadpan

    1Password's vaults are already available offline. You can test this by unlocking 1Password while disconnected from the Internet. :) If you mean entirely offline vaults, e.g. ones which are not synced at all, would you mind sharing what your use case for such vaults would be / what your concern with the current model is? Thanks!

    Ben

  • Deadpan
    Community Member

    More than anything, it's the combination of subscription model and not being able to store the vault in a location of my choosing. I'm sure your storage system is quite secure, but I'm also sure mine is equally as secure, if not more so.

    While I know you have our best interests at heart, if someone came in and offered you $xxxxxxx for your company, at the end of the day there's nothing to stop you/the company you sell to from withdrawing/changing the service, making software updates that remove local functionality, locking users in and raising prices, etc.

    Like I said, I know you wouldn't act that way, because I've been a customer of yours since early versions of 1Password v4. I've also recommended you to others in family, friends, and business (I also work for an ISP/communications carrier/managed services company).

    But the fact is, no company is immune to risks like I've mentioned. There could be any number of reasons why you may stop operating, and I'll openly admit that you have a great product (it's why I use it).

    My opinion: work out how much lost income you think you'd have if you didn't lock me into a subscription, and tell me that number. I'll pay it for local vaults.

  • Ben
    edited August 2020

    Thanks for elaborating, @Deadpan. I think there are perhaps a couple of separate concerns there, but would it be fair to say that the biggest one is the fear we could be bought out / go out of business / charge prices that are unsustainable for you? I'd be happy to help address that. There are a few points that I would make:

    1. If that were to happen, the concern wouldn't be all that different regardless of where the data is stored. Software like 1Password isn't a one-and-done, write once and forget about it kind of product. It requires constant attention from a development team to keep it going. Even under the model of licenses & standalone vaults everything else surrounding 1Password is going to continue to evolve... notably your operating system and web browsers. Without updates to 1Password it wouldn't be incredibly long before it would be impractical (if not impossible) to continue using it. As a recent example: Safari 13 was released after 1Password 6 development was discontinued, bringing with it an entirely changed extension system. The extension that was built for use with 1Password 6 doesn't work with it. If we were to find ourselves in one of the situations outlined you would want to export and move to another solution rather than limp along on an old version of 1Password. And we give you that ability.
    2. Largely because of the above we feel it is incredibly important to give people options to export their data into plain text, such that no one is ever 'locked in.' Additionally our data format is open, so that even if somehow every copy of 1Password suddenly stopped working, tools could easily be written to do this. In fact, while we don't recommend their use (because we recommend never putting your Master Password into any tool other than 1Password), such tools do exist. We also have a command line tool which can help make getting data out of 1Password even easier.
    3. 1Password is a long standing company with the founders continuing to be heavily involved in the day-to-day many years into it. Dave, who posted just above is one of the founders, and he is actively involved in the development of 1Password for Linux. The same is true for Roustem, who also participated in this thread. With bringing on Accel as a partner there was a lot of speculation from outsiders that Dave and Roustem would be retiring or taking a less active role, but they're still here, and they're still helping steer the ship.

    A couple of resources that may be helpful while considering this:

    My opinion: work out how much lost income you think you'd have if you didn't lock me into a subscription, and tell me that number. I'll pay it for local vaults.

    The subscription model is what is providing a sustainable business model for us now and going forward, so I don't imagine we'd be in a position to offer a non-subscription arrangement for 1Password for Linux in the foreseeable future. There are likely valid use cases for a "local vault" of sorts, and as such we'll continue evaluating how we might best address that. But 'standalone vaults' and licenses, as they were, are not likely to be a viable solution here.

    Ben

  • keisatsu
    Community Member

    I'm happy to hear that you're considering "local vault" support for Linux!

    I am already using 1password for my own needs, but in some cases I am prevented from storing credentials in your cloud due to compliance reasons. It's simply a requirement that they are stored locally on provided hardware and not synced offsite.

    I have no issues in paying for a membership/subscription and I gladly sync passwords of my choosing to your cloud, but I need to be able to pick which ones.

    Slightly off-topic: Can you please consider improving the android app likewise? I understand that you can setup local vaults there but only BEFORE opting in to the cloud sync. I'd rather not have to reinstall the app, just let me create a local vault at will.

  • Hi @keisatsu,

    Thanks for sharing your thoughts with us, that really helps.

    It's simply a requirement that they are stored locally on provided hardware and not synced offsite.

    It's something we're keeping in mind for sure. As you can see from Roustem in an earlier post here, there might be something we can do in the future.

    Slightly off-topic: Can you please consider improving the android app likewise? I understand that you can setup local vaults there but only BEFORE opting in to the cloud sync. I'd rather not have to reinstall the app, just let me create a local vault at will.

    There's a reason for that and it is due to the way the Android app was originally built as a standalone app that works with standalone vaults and we added the subscription service on top of it.

    We do plan to overhaul the app but we don't have an ETA on that. It will be a huge undertaking; however, the work we're doing with 1Password for Linux and Windows (1Password for Windows 7.0-7.4 uses a lot of Rust code) is going to help with this by reusing the same code.

  • gtf21
    Community Member

    Definitely appreciate the thoughtful involvement of @dteare @roustem and @MikeT here, but as someone who has been buying 1Password licences (probably too many tbh) since 2007 I was pretty disappointed that moving to Linux forced me to transition to this membership model with no local vault file. To answer @Ben's point(s), it's not really about "why don't you want your data sync'd via our cloud service?" But rather "why should I want my data sync'd via your cloud service?" 1Password used to give users the option of passing around our vault file however we wanted. To be honest, I have seen precisely zero improvements moving from a local vault file to a cloud-synchronised vault file. For me, most of the improvements 1Password can offer me as a consumer (I also put my entire business onto 1Password for Teams as soon as it launched, but that's a different story) are relating to the UI / integrations, and security.

    The default for me as a user is to keep my data locally, to myself, in files I know how to handle. It's great that you are offering an option for people for whom this isn't important, but removing the optionality for those who don't want that just seems wrong.

    I think @Deadpan has pretty much hit the nail on the head here.

  • Thanks for sharing, @gtf21. I appreciate you taking the time to explain your perspective on things. And thank you so much for supporting us for all these years. We absolutely wouldn't be here today without awesome customers like you. 🤗

    I don't think there's much I can add that hasn't already been discussed already in this thread but I will say that the decision to not offer offline vaults in 1Password for Linux is not a decision that was taken lightly. We have tried our best to support both offline and online vaults at the same time in the other clients for years now and while this approach has seen some success, it has also brought with it several challenges that have been tough to solve.

    We've been pressed for time so our development team hasn't had the chance to write the detailed technical posts on how 1Password for Linux works underneath the covers and how we basically started from scratch. I hope we do someday as there are many fascinating things to share and explore. Long story short, we had three main challenges we needed to work through: create an entirely new backend for working with items, saving them, syncing, etc.; design and implement our new design language; and reimagine the 1Password experience and flesh out new features that we've been dreaming of for a while now.

    Between these three hard problems we needed to solve concurrently, I don't think it's hyperbole to say that we wouldn't have support for Linux today if we layered on the additional requirement of supporting offline vaults the way they were in 1Password 7 and earlier. There are just too many moving parts to complicate things further.

    As @roustem mentioned earlier it would be really difficult to support old-style local vault files. I'd go even further and say it would be an incredible mountain to move and we simply don't have the luxury of time to recreate the old-style of vault syncing. Depending on demand, however, we could look at providing a Docker container that could be self-hosted. There's more complexity here than one might expect at first glance so it is not a decision we would take lightly, but assuming there is enough excitement from the community for this approach it's something we'd be willing to explore.

    For the time being we are going to keep our heads down on moving 1Password for Linux forward towards an official release in the New Year. There are several other exciting things we have planned for 2021 as well, and I look forward to sharing those when the time is right. But in the interim we will continue to structure things in such a way that self-hosting is a possibility, so as to not paint ourselves into a corner just in case we and our customers decide Docker is needed.

    Considering I started by saying I didn't think there was much I could add, I sure did end up typing a lot! 😂 I hope this additional perspective helps and thank you again for supporting us all these years. ❤️

    Take care,

    ++dave;

This discussion has been closed.