Support for local vaults?

24

Comments

  • gtf21
    gtf21
    Community Member

    Hi @dteare

    Thanks for the long and considered response (sidenote: as a founder, I hope I manage to stay as in touch with my customers — always the worry when the VC funding comes in).

    Ultimately we don’t have to agree I suppose, and 1Password is still an excellent product (even if the Linux version is a little... neonatal). I look forward to seeing 1Password for Linux reach parity with the MacOS version (especially with the 1Pwd mini helper, I really really miss that).

    FWIW I would be more interested in an easy way to extract and backup my data than self-hosting (for reliability reasons). I have just over 1000 items in my vaults so longevity is pretty important to me.

    Anyway, thanks for the teansparency. Onwards and upwards.

    ~gtf

  • dteare
    edited November 2020

    Thank you for the kind words, @gtf21. 🙏🏻

    Regarding your comment on preferring data export over self-hosting, I think many others will feel the same way. I mentioned earlier in this thread that we have some new features in the oven that will help here, including the ability to export your data to an encrypted format as well as a command-line tool that will allow you to read your exported data files without needing to rely on the 1Password apps themselves.

    Out of curiosity, how do you see yourself using these features? Would you set a reminder to export your data once a month and store it on a Synology backup?

    ++dave;

  • gtf21
    gtf21
    Community Member

    Sounds useful — will the export format be fully documented (rather than relying on the tools — still important of course)? Will the exported data be complete (ie all metadata, attachments, etc.)?

    I’m not 100% sure of my usage yet, I use duplicity to backup my machine to a local drive and remote storage (Backblaze BZ2) so I would take keep a snapshot of my 1password data on a regular basis (maybe just a systemd timer) which would be in a location on my machine which would be backed up through the normal path.

  • Deadpan
    Deadpan
    Community Member

    Just my two cents again, I would strongly prefer self hosting over data export. Unless said data export can be used as a local vault.

  • tty42
    tty42
    Community Member
    edited November 2020

    I strongly agree with Deadpan.

    I get that you like to push your hosted 1pw subscription. However, there is a group of people for whom having their passwords leave their owned devices (yes, we all know that they are encrypted) is just not acceptable.
    It would be great to know if you plan to cater the needs for this group in the future, i.e. by supporting local vaults and sync, or if you do not consider these features worth the effort.

    I love 1pw, but this requirement is not negotiable. Please let us know if we should look for a different solution or if we can rely on 1pw in the future. This discussion comes up so frequently, you could all save us some time by either stating that you plan to support this way of 1pw or that you will drop it. Then at least we know what we are at.

  • While we do not have plans for any sort of ‘local only’ or ‘self-hosted’ option, we are investigating what it would take to do that and will be happy to track the demand for such a feature. Thanks folks.

    Ben

  • vwest
    vwest
    Community Member

    Excellent discussion here. Similar thoughts to everyone here, awesome product, thank you for a linux version, but was really hoping for a "local only" option. I don't mind the subscription model, paying for quality products/services is how business works, but not having the option of where data is going is a critical feature for many. Thanks for all you do!

  • mo hataj
    mo hataj
    Community Member

    where can i get the docker container?

  • jay_gunn
    jay_gunn
    Community Member

    Unless you plan on allowing separate people and teams to share vaults with each other, local vaults are very much still a necessity. I don't get why this has to be so frustratingly difficult with your team.

    I work freelance with several different clients and in that work I have various logins and passwords necessary to do my job. A "teams" account is out of the question because each client would require their own, so local vaults are the best and most practical way for everyone to share a database. This works on Mac and Windows with no problem... why it was omitted from the Linux beta is just bizarre. I'd understand if it was just the beta, but now seeing that there's no plans to bring it back once it's out of beta is, in a word, frustrating.

    Are you also planning to eliminate local vaults from the Mac and Windows versions? If so, please tell us now so we can properly prepare for it. As it is, I'm already looking at other options just on the hint that local vaults might be going away entirely at some point. I've been a 1Password customer for well over 10 years now and I really would prefer to stay with it, but if I can't reliably count on local vaults always being an option, then I have no other choice but to look elsewhere.

  • Ben
    Ben
    edited November 2020

    Hey @jay_gunn

    I'd encourage you to reach out to our business team at business@1password.com regarding your use case. It would seem a 1Password Business account for you, with guest accounts for each of your clients, may be a workable solution. But they'd have more details. :) Thanks!

    Ben

    P.S. Sharing standalone vaults is not supported in any modern version of 1Password.

  • sn0man
    sn0man
    Community Member

    As @roustem mentioned earlier it would be really difficult to support old-style local vault files. I'd go even further and say it would be an incredible mountain to move and we simply don't have the luxury of time to recreate the old-style of vault syncing. Depending on demand, however, we could look at providing a Docker container that could be self-hosted. There's more complexity here than one might expect at first glance so it is not a decision we would take lightly, but assuming there is enough excitement from the community for this approach it's something we'd be willing to explore.

    Let me put it this way. If you are worried about sustainability from standalone license vs subscription I personally would be willing to pay more. How much more? I can’t say for sure but I imagine I might do something like this.

    1.) pay 1.5 times the subscription amount for a families account to have a local server.
    2.) pay again dutifully next year to have local server 2.0 and it’s associated updates (and again every year)
    3.) purchase, set up, and maintain a separate server like a raspberry pi just to self host my own password data. (Hell, agilebits could even sell me an overpriced 1PassNode (trademark it, I give you the rights in full for free) and I’d pay double what a Pi might normally cost.

    Knowing that if I’m outside the home I couldn’t sync and a myriad of additional pain points. The feeling I get from having the bits in my own sphere just matters to me. I assume I am not the only one.

    Thanks for reading.

  • MikeT
    edited December 2020

    Hi @sn0man,

    Let me put it this way. If you are worried about sustainability from standalone license vs subscription

    That isn't the issue at all, we've been supporting standalone licenses alongside subscription in the current stable apps on all platforms for a long time. The issue stems from the complexity of supporting and maintaining standalone vault formats (OPVault) in various combinations of syncing solutions on top of platform differences. For an example, your preferred sync solution may not understand when you make a change from multiple devices at the same time and 1Password has to manually resolve the conflicts without losing data. This is a very complex setup and when we do fix it for one sync solution, a different sync solution wouldn't even work the same way (some sync tool only looks at a file timestamp, other tools may only looks at the folder timestamps, and not all create the conflict files the same way) and then we have to manually fix this differently for each platform (Android, iOS, macOS, and Windows). Sometimes a simple OS update would break things as well. Adding Linux to this setup would actually make 1Password five times more complex (at minimal because linux distribution differences affects this too) because we then have to test it against every platform to ensure it syncs correctly.

    Our 1Password.com service actually simplifies this with a central source of truth handling this and all apps uses the same API consistently across all platforms to sync your data locally to your devices.

    That's why we've been mentioning the possibility of the docker/container solution, you'd be able to benefit from the same advantage with the central source of truth (the docker instance) and have your 1Password data propagated with all apps using the same consistent API. That way, we no longer have to sustain the massive complexity of individual platform differences, various sync solutions, and more.

  • michaeltpb
    michaeltpb
    Community Member
    edited December 2020

    Hey,

    I've been following this thread for a few months now and it's great to see you're working on a Linux client - I'm still using 1Password 4 on Wine for my primary machine and I'd love to move away from that.

    The self-hosted option is definitely appealing to me (sounds similar to Bitwarden's self-hosted option if I understand correctly). Is there somewhere I can follow news on that or is this thread the best place? I would happily switch to the subscription model if I could go self-hosted.

    I saw that it's "depending on demand", but I'm not sure how that demand is being measured other than posts like this one.

    Thanks for providing a great product!

  • Deadpan
    Deadpan
    Community Member

    I'd also be happy to pay a sub if I could self-host. I'd prefer to pay a one-off standalone license fee, but if that wasn't an option, so be it.

  • sn0man
    sn0man
    Community Member

    It sounds like financial interest in stand alone license is there from the community and AB aren’t revenue constrained so self hosting AND stand alone license should strongly be considered. It’s very high on my own list and I’d love to see it! Let’s keep as many old school 1Password folks around.

  • sn0man
    sn0man
    Community Member

    @MikeT well first I’m happy to hear that the license to sub transition isn’t born out of a financial issue with 1Password. My 2 cents are that AB hasn’t been charging enough for the stand alone licenses in the past. A more staccato 2020-Ver. 2022-Ver. (charging for each) with a bug fix/polish version in the middle 2019-Fix. 2023-Fix. would be good.

    As to the pain points you’re having; I’m of two minds in this:
    1.) it’s kind of your problem to solve (a bit antagonistic of a mindset I must admit) and
    2.) a simplified sync code-base is a boon for everyone. AB can focus all the weight on features and fixes instead of maintenance.

    There is another consideration that might be motivating. User testing of sync. Having fresh eyes hosting their own local sync through a container might 1.) help catch bugs, and 2.) instill trust in folks to move over to the service (advertising the service with a carrot instead of the stick of no more local hosting).

    I’m on the verge of rambling. Please please strongly consider any and all alternatives to the service and central hosting of password data. I feel many, myself included, are making password manager decisions based on it.

  • lumarel
    lumarel
    Community Member

    As I'm reading along this thread, I see a lot of motivated people, who would really like to see the self-hosted solution. :chuffed:

    I also found another use-case, which I have been asking while I was switching to the subscription model as well as the Agilebits hosted cloud vault:
    There is the really big concern for company networks which are using SSL-inspection.
    As the transmission isn't allowed to be cracked open, the sync just does not work inside of these networks!
    Yes, there is the possibility to whitelist some IP-adresses or domains (if the firewall supports that), but that might not be the wanted solution for the networking/security departments. (especially if something is public cloud hosted, if you decide to do that in the future)
    Hosting inside the private network and then using split-DNS to redirect to the internal instance, would do it, I think :+1:

  • Just as Ben mentioned earlier in the thread, we do not have plans for any sort of ‘local only’ or ‘self-hosted’ options within 1Password for Linux, but we are currently investigating what it would take to do that and will be happy to track the demand for such a feature.

  • Deadpan
    Deadpan
    Community Member

    All I want for Christmas is to pay you more money ;)

  • sn0man
    sn0man
    Community Member

    For sure. Same as @Deadpan I’ve got some standalone hosting of a sync server dollars burning a hole in my pocket. You just let me know when you want the check cut.

  • Deadpan
    Deadpan
    Community Member

    Yep. I've got space in a DC as well. I'm still on 1password4, and being required to use your sync service is literally the only thing stopping me from upgrading.

  • lumarel
    lumarel
    Community Member

    Just as Ben mentioned earlier in the thread, we do not have plans for any sort of ‘local only’ or ‘self-hosted’ options within 1Password for Linux, but we are currently investigating what it would take to do that and will be happy to track the demand for such a feature.

    No worry @Blake, I saw the message, I just wanted to add that, as were also asked to send our use cases, if such a solution would be available sometime :chuffed:

  • michaeltpb
    michaeltpb
    Community Member

    Hey @Blake - Thanks for the update.

    Although there are no plans for the self-hosted option, what's the best place to hear any news on that topic? Is it this thread or somewhere else?

    Likewise, there's been mentions of "tracking the demand" for this, but what's the best way for us to register our interest? Does "tracking the demand" simply mean seeing if a lot of people post on this thread?

  • Although there are no plans for the self-hosted option, what's the best place to hear any news on that topic? Is it this thread or somewhere else?

    Certainly we'll make efforts to update this thread if there is any change in this regard. The folks who take the time to register and post here tend to be our most passionate and technically inclined customers, and so if such a thing were to come to fruition it would seem you all would be prime candidates to check in with.

    Likewise, there's been mentions of "tracking the demand" for this, but what's the best way for us to register our interest? Does "tracking the demand" simply mean seeing if a lot of people post on this thread?

    Exactly that, yes, as well as customers (or potential customers) contacting us through other channels. We do ask that folks not contact us through multiple channels about the same thing though as that all takes time and effort to de-dupe. :)

    Ben

  • A10
    A10
    Community Member

    I'd like to echo/upvote the request for local vaults on Linux (as well as other OS's) from users @ketralnis, @tomgibson, @Deadpan, @keisatsu, @gtf21, @tty42, @vwest, @jay_gunn, @sn0man, @michaeltpb, @lumarel that have been made to the 1password team (@Ben, @roustem, @MikeT, @dteare, @Blake).

    What I hear from the 1password team responses seems to boil down to:
    a) It's hard to maintain this functionality forward and backward on all the different operating systems and updates. But I can't tell from the responses if the hard means 'expensive without a wide base of user support to make the business case' or hard means 'this is going to be a massive if/else statement for every permutation of operating system that is just going to be unweildly to keep up with'.
    b) The use case for local vaults seems kind of niche and not consistent with our development plans.
    Are these summaries correct or fair?

    I do want to reemphasize that there are clear use cases where I (and other users) don't want every password that we own to be shared on every device we use, or even to every account on that device. Bank accounts, pin numbers, passwords to sensitive websites, etc. don't belong on every computer we log into, and may not even be suitable to be stored in the cloud.

    Some additional ideas to throw into the mix:
    a) Give users the option on which vaults to sync on a particular device. I don't think there's options for this currently and the default behavior seems to require all of the vaults are loaded on every device the user logs into. If I could control which device gets access to a particular vault, that might be acceptable. Maybe based off of wireless/mac address or something else specific to the device.

    b) From @MikeT, it seems that 'sync' is the issue. I'd be ok being prompted to manually resolve conflicts, and/or if I had to initiate the synchronization (push mode) rather than sync occurring automatically.

    c) I'm open to some type of docker or other platform independent lightweight container to avoid the issues @MikeT and @dteare raised on syncing and OS/Platform fragmentation. Ideally there would be options to store these locally.

    d) If changing vault data formats is an issue as @dteare and @MikeT implied, maybe only keeping one or two vault data formats active, but develop the tools to convert old ones to a new format?

    Thanks for listening to user ideas!

  • Hi @A10;

    Are these summaries correct or fair?

    Let's see:

    But I can't tell from the responses if the hard means 'expensive without a wide base of user support to make the business case' or hard means 'this is going to be a massive if/else statement for every permutation of operating system that is just going to be unweildly to keep up with'.

    We wish it was as simple as using if/else statement but it isn't; the structure of how 1Password works for both standalone vaults and 1Password accounts are not compatible. We're talking about basically maintaining two different apps within the same interface (one example: one app uses a simple API to make a single item change quickly and another uses the local file system to replace an entire file to modify it); which goes into the first part of your summary; it is difficult to provide the best 1Password experience that our customers demand with this dual data structures of standalone and 1Password accounts. We've been trying already for years within our current apps.

    We built 1Password memberships because of the challenges that our customers had to go through with the standalone vaults; we were spending a huge amount of time on helping everyone with their unique sync solutions and they were having problems with their own family members or teammates or babysitters or any other persons trying to set up that same system (you or folks here may not have any challenges if technically experienced enough). Majority of that went away when we switched to 1Password memberships, we handle all of that logic automatically, which all boils down to: sign in and that's it. However, that solution isn't for everyone, we understand that but it is for majority of our customers who does not have that kind of requirement, who are happy to bank online with the same kind of sensitive information and have similar kind of security in place.

    This is not to say this is the only challenge we and our customer face though.

    I do want to reemphasize that there are clear use cases where I (and other users) don't want every password that we own to be shared on every device we use, or even to every account on that device. Bank accounts, pin numbers, passwords to sensitive websites, etc. don't belong on every computer we log into, and may not even be suitable to be stored in the cloud.

    We truly do understand, in fact, some of our developers including myself still use 1Password standalone vaults share the same concern. We are looking for ways to address various concerns; let's pick one of what you've suggested:

    a) Give users the option on which vaults to sync on a particular device. I don't think there's options for this currently and the default behavior seems to require all of the vaults are loaded on every device the user logs into.

    Not at the moment but it is something we're looking into. There are a few settings we already have;

    First, we have an option to block sending data to specific platforms already as shown here:

    Second as you may have noticed on the bottom of that screenshot, there's the travel mode where it disables the vaults from being loaded during traveling.

    We're expanding on this over time. I would absolutely love to see us add more granular options such as Don't show this on new devices until explicitly enabled.

    However, this alone doesn't solve the problem for some customers; for an example, business or legal requirements that such data cannot be in the cloud at all and this option would not address that one. This only works if you're willing to store data on the cloud but just not specific devices.

    In the case of absolute no cloud involvement; this situation would be addressed with the docker idea, where nothing leaves the local device.

    As you can see, every option has its own pros and cons. We have to constantly balance this out and for now, we're leaning on 1Password memberships as it has a lot of pros where cons do not outweigh them.

    We are trying to figure things out to add more complex setups as we continue to evolve 1Password but this will take time as we have to constantly evaluate usability, security, and more.

    Maybe based off of wireless/mac address or something else specific to the device.

    Probably not something we'll do because MAC addresses can be spoofed.

    c) I'm open to some type of docker or other platform independent lightweight container to avoid the issues @MikeT and @dteare raised on syncing and OS/Platform fragmentation. Ideally there would be options to store these locally.

    Just to clarify, the Docker solution if possible would just be all local. It would not be syncing anything to the cloud.

    If you want to include both in the same 1Password app, you can because you'd just enter the sign in address of the docker's instance and treat it like a second 1Password account, it's just local. This is why this docker idea is far more desirable for us.

    b) From @MikeT, it seems that 'sync' is the issue. I'd be ok being prompted to manually resolve conflicts, and/or if I had to initiate the synchronization (push mode) rather than sync occurring automatically.

    You may be okay but would your family members or teammate or other persons you wish to share the vaults be okay too?

    Manual or automatic sync is not the main issue; the challenge is how each sync solution have their own ways of doing things and our apps have to adapt to it.

    A simpler solution would be to just allow one end to overwrite the other side completely; that sounds like it would simplify most of the challenges right? But like everything else, every solution has its own unique set of challenges; the overwrite method comes with data loss risks; so you then have to back up your data before you replace. After that, how do you deal with multiple writes to the same data folder across network? How do you then scale this up to multiple devices, platforms and persons? For an example on iOS device where you have no direct access to the filesystem as it is locked down.

    d) If changing vault data formats is an issue as @dteare and @MikeT implied, maybe only keeping one or two vault data formats active, but develop the tools to convert old ones to a new format?

    It's not the data format alone; it's the entire ecosystem around it;

    Let's say you converted one PC to the new format; what about the other PCs that you may or may not have access to such as family members's PC? Overwriting can't be the solution because that can result in data loss on their side because they haven't updated to new format and they haven't pushed back to your side. You then need to figure out a marker to inform both side that one side is not yet ready and then you have to figure out how to proceed on each PC individually. Then you have to update the apps on both first to know about this marker.

    This piles up into a massive snowball over time that's hard to maintain as we evolve to add more features. We haven't even talked about file attachments here and that's a big challenge on its own. There is a huge industry that tries to address this problem.

  • sn0man
    sn0man
    Community Member

    Mike,

    I’m really thrilled that you’re bringing your knowledge and perspective to this thread. I think the concerns such as usability and “data loss risks” cannot be overstated.

    I hope you’re reading our desires to have offline, local, complete control of the location of our passwords in a positive and passionate 1Password advocate light.

    I recently did a migration from one Mac to another and I had to play around with the toggles inside of the various clients to get wlan sync working again. I know family wouldn’t have the same patience to methodically set and unset various parameters to get things running smoothly again.

    The docker, container, whatever technological solution to self-host sounds promising but not if it risks the basic functionality to store passwords securely and not lose data erroneously. A data loss incident could really harm the reputation that I think AB and 1Password have fairly earned over many years.

    Again, thank you for continuing the conversation. I won’t speak for everyone but I know that my Mac and my iPhone and my iPad have been syncing fairly trouble free offline. It drew me to the product. I’ll likely stay in that configuration until I have to make a move.

    If we can assist through feedback, testing, discussion, monetary, please let us know. Thanks!

  • Hi @sn0man,

    I hope you’re reading our desires to have offline, local, complete control of the location of our passwords in a positive and passionate 1Password advocate light.

    Oh absolutely, we wouldn't be here without you guys and that's true from day one to this day. I know the desire to have total control of your most sensitive data all in your hands only or an encrypted usb drive locked inside in a fireproof safe nailed down to the foundations..... :)

    It's just that there are a lot of people that wants to use 1Password too. Hopefully, we'll have a great solution for everyone that we can reach.

    The docker, container, whatever technological solution to self-host sounds promising but not if it risks the basic functionality to store passwords securely and not lose data erroneously. A data loss incident could really harm the reputation that I think AB and 1Password have fairly earned over many years.

    It would actually be battle-tested already as it would replicate what we use for 1Password service already, just pushed down into a self-contained service that you can run locally. Plus it'd work out of the box with same 1Password apps (including 1Password beta for Linux here) that uses the same 1Password APIs which handles the syncing automatically because the local service is the oracle of truth (that tells 1Password how to sync in your network). The only difference is that you'd have to run backups on your own but that's not any different from what you'd have to do now with standalone vaults.

    If we can assist through feedback, testing, discussion, monetary, please let us know. Thanks!

    Keep sharing your passion with us and all we ask is time (a time machine would be nice too) as we're trying to figure this out even though it feels like we've been trying for a long time. All I can say is that the work we've been doing in the latest 1Password for Windows and Linux apps is a journey that can actually help a lot. You'll see in time of what our vision is.

  • sn0man
    sn0man
    Community Member

    The only difference is that you'd have to run backups on your own but that's not any different from what you'd have to do now with standalone vaults.

    I love that 1Password makes backups on its own. Thats always been a feature I'm thankful for.

    I know the desire to have total control of your most sensitive data all in your hands only or an encrypted usb drive locked inside in a fireproof safe nailed down to the foundations.

    I should buy a USB Key and throw one of those aforementioned backups into my firesafe. I already did the write down my master password there for my spouse to access stuff in an emergency

    just pushed down into a self-contained service that you can run locally

    Hopefully somewhat lightweight. I've got a Pi-Hole running on a Raspberry Pi, and it sounds like that could be a good place to host my own 1Passnode server someday.

  • @sn0man,

    I love that 1Password makes backups on its own. Thats always been a feature I'm thankful for.

    Yep. It is one of my favorite features too.

    Another one is for 1Password accounts, you have the Item History feature, which lets you restore individual items all the way back to the first version. It's awesome and I'd love for us to bring this inside the app (under consideration), so you can go back in time. This is where sync conflict is less of a concern, every change is saved as an item version regardless of which direction it came in.

    I should buy a USB Key and throw one of those aforementioned backups into my firesafe. I already did the write down my master password there for my spouse to access stuff in an emergency

    I hope your MP is stored in a safe location. There's also the 1Password Emergency Kit PDF you can find online where you fill it out and store it in a secure location with a USB drive that holds the data; such as with your will stored by your lawyer for the estate planning.

    Hopefully somewhat lightweight. I've got a Pi-Hole running on a Raspberry Pi, and it sounds like that could be a good place to host my own 1Passnode server someday.

    Oooh, I'd love the idea of selling a 1Password USB drive that you can just connected to a Pi or a NAS and just run it. :smile:

This discussion has been closed.