Location of Local Encrypted Vault File on Mac for Offline Access

Mycenius
Mycenius
Community Member
edited December 2022 in Mac

Hi All - was looking through old posts but couldn't find anything since 2020 on this (and nothing specifically in the help on it) - can someone confirm where the local copy of the encrypted vault file(s) should be found in macOS 12 and if this is different at all between 1PW v7 and v8? Also what is the file naming scheme? TIA.


1Password Version: v8
Extension Version: n/a
OS Version: macOS 12.4
Browser: n/a

Comments

  • Hi there @Mycenius

    Your 1Password data lives in the Data folder, at this path: /Users/[your name]/Library/Group Containers/2BUA8C4S2C.com.1password/Library/Application Support/1Password/Data.

    Inside, the 1password.sqlite file is your actual encrypted database. Hope that helps! :)

    — Grey

  • Mycenius
    Mycenius
    Community Member
    edited December 2022

    Great - Thanks @GreyM1P - looking to update my notes in case I ever have an issue. Should this be in the Knowledgebase somewhere - I did look but couldn't find it?

    P.S. Can the vault be extracted/opened from the sqlite file without 1PW app?

  • @Mycenius

    We include the path to the Data folder (albeit along with everything else) in How to uninstall 1Password so that you could remove 1Password and all its associated files. But personally, I'd much rather someone get in touch if they were having a problem than potentially do damage to that folder since it's what contains the actual data, so I must admit I'm glad we don't encourage customers to go in there. It's rare that we ever have to direct anyone to that folder, let alone do anything with it since there aren't that many moving parts in that folder. Almost no-one should be fiddling in that folder without guidance from Customer Support. Those that do are very much doing so at their own risk.

    On your second point, I'm not entirely sure, to be honest with you. You would have to recreate the key derivation and decryption functions of 1Password, and the ability to parse the SQL to be able to interact with the items, by which point you would've basically rewritten a good chunk of 1Password's underlying structure. Is there a particular use case you're thinking of here?

  • Mycenius
    Mycenius
    Community Member

    Thanks @GreyM1P - yeah I wasn't planning to do anything crazy 😉 - and if I was would not be touching the existing one - would look to use a copy.

    So was more interested in it from 2 perspectives; (a) is the file recoverable if you are offline and have some sort of catastrophic failure (like if your O/S won't boot) as per my post above, and; (b) also just understanding what's involved in getting a copy of it and accessing it outside of 1PW (i.e. what would a potential bad actor need to do if it was an individual local breach or theft of data). It's good to just understand what's involved and potentially read up a bit more on the theoretical side to get a bit of a grounding in knowing the risk and threat level for the locally stored copy of the vault.

    As an aside is there any sort of inherent copy protection assigned to the 1password.sqlite file - e.g. if someone tries to copy it is the master password required? If so is this true of macOS and Windows? I'm guessing even if this is there it's O/S dependent so could be circumnavigated via bypassing the O/S (e.g. accessing the storage drive, without the device O/S running, from an external O/S like that on a USB recovery drive or a downloaded virtual machine running in memory or such like)...?

  • Mycenius
    Mycenius
    Community Member
    edited January 2023

    @GreyM1P

    You would have to recreate the key derivation and decryption functions of 1Password, and the ability to parse the SQL to be able to interact with the items, by which point you would've basically rewritten a good chunk of 1Password's underlying structure. Is there a particular use case you're thinking of here?

    No I didn't have a specific scenario - was more thinking about recovery such as should you be offline and/or be in a position the 1Password App can't or won't run... So all you could do is recover that file from your Mac or Windows machine and you don't have access to 1Password going forward indefinitely (for whatever reason) or long enough to need to get to data in your vault urgently - could you access it somehow? Not looking to circumvent any security...

  • Hello @Mycenius,

    Thanks for getting back to us.

    (a) is the file recoverable if you are offline and have some sort of catastrophic failure (like if your O/S won't boot) as per my post above,

    This file contains your encrypted data since you were last able to connect to 1Password's servers. Recovering your account data is a matter of restoring your device and signing into 1Password. Once you are able to get back online, the most up-to-date data will appear once signed in.

    As long as you are able to install 1Password 8 on device with the 1password.sqlite file saved in the appropriate location, you will be able to continue to access your data with your account password and Secret Key.

    (b) also just understanding what's involved in getting a copy of it and accessing it outside of 1PW (i.e. what would a potential bad actor need to do if it was an individual local breach or theft of data).

    In case of a local breach, the malicious user would need to know both your account password and secret key.

    As an aside is there any sort of inherent copy protection assigned to the 1password.sqlite file - e.g. if someone tries to copy it is the master password required? If so is this true of macOS and Windows?

    There is no copy protection on the 1password.sqlite file itself, but as mentioned previously, it could only be decrypted with your account password and secret key. This is the case with all platforms, including macOS and Windows.

    I hope this helps to answer your questions.

  • Mycenius
    Mycenius
    Community Member

    That's great - thanks @ag_mike_d. All helps to understand how to manage my devices/apps at this end and the local copies of the vault. 😃

  • You're most welcome, @Mycenius. 👍😀

This discussion has been closed.