Will there ever be a CLI option or Connect Rest API to export all account data in .1pux format?

Norkz
Community Member

Hello,

Hope you are having a great day.

My goal:

I want to automatically back up my 1Password account and export the 1pux file every week automatically.

Issue:

From what I have found, the only way possible is by manually exporting from a 1Password app. I want to be able to have different options of exporting a 1Password account in the 1pux format.

Proposal:

Let's say that the 1Password app export executes a client-side API which triggers a series of APIs, or just one of them, on the server for the 1Password account, which then curates the file and downloads it.

I believe it would be great if that same API were to be accessible via CLI with an option of export with the parameters of --account, --export-format, and --output.

For example:
op export --account="NAME_OF_ACCOUNT" --export-format="1PUX" --output="./"

As well as via the 1password/connect-api REST API.

What I have done to get to the goal:

I have unzipped the 1pux file and looked over all the data and files that are now visible. I took a close look at the export.data file and thought of the idea to curate the file myself with the 1Password CLI, the 1password/connect-api REST APIs, and the 1Password Go SDK.

Below are two files, the export.data that I curated with all that I could find and the example export.data from the About the 1Password Unencrypted Export format site.

The one that I curated did not even come close to the example export.data contents, and I am going to brainstorm more ideas and test them to see if I can find a way around this as well.

At the beginning, my first idea was to have a Virtual Machine in Windows or Linux and automate the 1Password app export process and have it run weekly, although this is not what is needed but rather something smaller, such as some scripts bundled together with Dockerfiles and Docker Compose files, which is a part of my goal.

1Password CLI and Go SDK curated **export.data**:

{
  "accounts": [
    {
      "attrs": {
        "accountName": "xxx",
        "name": "xxx",
        "avatar": "profile-pic.png",
        "email": "example@example.com",
        "uuid": "xxx",
        "domain": "https://my.1password.com"
      },
      "vaults": [
        {
          "attrs": {
            "accountName": "",
            "name": "xxx",
            "avatar": "",
            "email": "",
            "uuid": "xxx",
            "domain": ""
          },
          "items": [
            {
              "id": "xxx",
              "title": "xxx",
              "version": 1,
              "vault": {
                "id": "xxx"
              },
              "category": "SSH_KEY",
              "fields": [
                {
                  "id": "notesPlain",
                  "type": "STRING",
                  "purpose": "NOTES",
                  "label": "notesPlain"
                },
                {
                  "id": "public_key",
                  "type": "STRING",
                  "label": "public key",
                  "value": "xxx"
                },
                {
                  "id": "fingerprint",
                  "type": "STRING",
                  "label": "fingerprint",
                  "value": "xxx"
                },
                {
                  "id": "private_key",
                  "type": "SSHKEY",
                  "label": "private key",
                  "value": "xxx"
                },
                {
                  "id": "key_type",
                  "type": "STRING",
                  "label": "key type",
                  "value": "rsa"
                }
              ],
              "lastEditedBy": "xxx",
              "createdAt": "xxx",
              "updatedAt": "xxx"
            }
          ]
        }
      ]
    }
  ]
}

export.data example from About the 1Password Unencrypted Export format

{
  "accounts": [
    {
      "attrs": {
        "accountName": "Wendy Appleseed",
        "name": "Wendy Appleseed",
        "avatar": "profile-pic.png",
        "email": "wendy.c.appleseed@gmail.com",
        "uuid": "D4RI47B7BJDT25C2LWA7LEJLHZ",
        "domain": "https://my.1password.com/"
      },
      "vaults": [
        {
          "attrs": {
            "uuid": "rr3lr6c2opoggvrete23q72ahi",
            "desc": "",
            "avatar": "pic.png",
            "name": "Personal",
            "type": "P"
          },
          "items": [
            {
              "uuid": "fkruyzrldvizuqlnavfj3gltfe",
              "favIndex": 1,
              "createdAt": 1614298956,
              "updatedAt": 1635346445,
              "state": "active",
              "categoryUuid": "001",
              "details": {
                "loginFields": [
                  {
                    "value": "most-secure-password-ever!",
                    "id": "",
                    "name": "password",
                    "fieldType": "P",
                    "designation": "password"
                  }
                ],
                "notesPlain": "This is a note. *bold*! _italic_!",
                "sections": [
                  {
                    "title": "Security",
                    "name": "Section_oazxddhvftfknycbbmh5ntwfa4",
                    "fields": [
                      {
                        "title": "PIN",
                        "id": "CCEF647B399604E8F6Q6C8C3W31AFD407",
                        "value": {
                          "concealed": "12345"
                        },
                        "indexAtSource": 0,
                        "guarded": false,
                        "multiline": false,
                        "dontGenerate": false,
                        "inputTraits": {
                          "keyboard": "default",
                          "correction": "default",
                          "capitalization": "default"
                        }
                      }
                    ]
                  }
                ],
                "passwordHistory": [
                  {
                    "value": "12345password",
                    "time": 1458322355
                  }
                ],
                "documentAttributes": {
                  "fileName": "My movie.mp4",
                  "documentId": "o2xjvw2q5j2yx6rtpxfjdqopom",
                  "decryptedSize": 3605932
                }
              },
              "overview": {
                "subtitle": "",
                "urls": [
                  {
                    "label": "",
                    "url": "https://www.dropbox.com/"
                  }
                ],
                "title": "Dropbox",
                "url": "https://www.dropbox.com/",
                "ps": 100,
                "pbe": 86.13621,
                "pgrng": true
              }
            }
          ]
        }
      ]
    }
  ]
}

What am I willing to do?

I am willing to contribute in any way possible to make this a reality.


1Password Version: latest
Extension Version: latest
OS Version: Linux
Browser: Brave
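
The gap between the two export.data layouts quoted in this post can be checked mechanically before a weekly backup is trusted. The following is an added example, not code from the post or from 1Password: the key sets are copied from the documented example above, treating them all as required is an assumption, and the function names and both sample dicts are constructed for illustration.

```python
import io, json, zipfile

# Key names copied from the documented export.data example quoted in the post;
# treating every one of them as required is an assumption of this sketch.
VAULT_ATTRS = {"uuid", "desc", "avatar", "name", "type"}
ITEM_KEYS = {"uuid", "favIndex", "createdAt", "updatedAt", "state",
             "categoryUuid", "details", "overview"}

def check_export(data):
    """Return a list of deviations from the documented export.data layout."""
    problems = [] if data.get("accounts") else ["no accounts"]
    for a, account in enumerate(data.get("accounts", [])):
        for v, vault in enumerate(account.get("vaults", [])):
            where = f"accounts[{a}].vaults[{v}]"
            missing = VAULT_ATTRS - set(vault.get("attrs", {}))
            if missing:
                problems.append(f"{where}.attrs missing {sorted(missing)}")
            for i, item in enumerate(vault.get("items", [])):
                at = f"{where}.items[{i}]"
                missing = ITEM_KEYS - set(item)
                if missing:
                    problems.append(f"{at} missing {sorted(missing)}")
                for ts in ("createdAt", "updatedAt"):
                    # The documented example stores Unix timestamps as integers.
                    if ts in item and not isinstance(item[ts], int):
                        problems.append(f"{at}.{ts} is not an integer")
    return problems

def check_1pux(blob):
    """Validate a .1pux archive (a ZIP holding export.data) given as bytes."""
    with zipfile.ZipFile(io.BytesIO(blob)) as z:
        if "export.data" not in z.namelist():
            return ["archive has no export.data"]
        return check_export(json.loads(z.read("export.data")))

def make_1pux(data):  # demo helper: builds an in-memory archive from a dict
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("export.data", json.dumps(data))
    return buf.getvalue()

# Constructed, abbreviated samples mirroring the two layouts shown in the post.
DOCUMENTED = {"accounts": [{"attrs": {}, "vaults": [{
    "attrs": {"uuid": "v1", "desc": "", "avatar": "", "name": "Personal", "type": "P"},
    "items": [{"uuid": "i1", "favIndex": 1, "createdAt": 1614298956, "state": "active",
               "updatedAt": 1635346445, "categoryUuid": "001", "details": {},
               "overview": {"title": "Dropbox"}}]}]}]}
CURATED = {"accounts": [{"attrs": {}, "vaults": [{
    "attrs": {"name": "xxx", "avatar": "", "uuid": "xxx"}, "items": [{
        "id": "xxx", "category": "SSH_KEY", "createdAt": "xxx", "updatedAt": "xxx"}]}]}]}
```

`check_1pux(make_1pux(CURATED))` reports the missing vault attributes, the missing item keys and both string timestamps, while the documented layout passes with an empty list. The check reads export.data straight from the archive, so the unencrypted contents are never unpacked to disk.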

Comments

  • Norkz
    Community Member

    I have made a solution to this as a tool.

  • Werner85
    Community Member

    While I do appreciate the work you put in your tool, I still think this should be added to the CLI tools as soon as possible.

    I recently had all my data deleted. A "hacker" got access to my e-mail browser session (they used a Python script to scrape and upload my browser profile, including cookies and sessions). Using only access to e-mail they were able to delete my complete 1Password Family account. I had to wait the whole weekend in fear before Support finally responded and was able to restore my account. That's not the way I want to spend my weekends.

    The process is described here: https://support.1password.com/delete-account/#get-help
    Without any additional security questions, 2FA confirmation or even a cool down period people can delete your account if they have access to your e-mail.

    Bitwarden has the same issue/flaw: https://bitwarden.com/help/delete-your-account/#delete-a-personal-account.
    But the difference with 1Password is that you can Self Host and create periodic backups of the data. That makes Bitwarden the superior product at this moment. Only downside is that you have to sacrifice on usability and UI.

    So please 1Password, add this feature as soon as possible. So people can create local backups of all the 1Password Vaults (and even all accounts in case of Family Accounts).

  • Norkz
    Community Member
    edited May 7

    @Werner85

    I created my tool since I needed a solution as soon as possible and I believe the 1Password Team is not going to immediately focus on implementing a new feature due to a Community Member wanting it added. (I believe that managing your own data is critical and beneficial in the long term).

    I agree, that is a very big issue and I do agree this should be a feature added to the CLI. As well as having account deletion processes to include more security/additional steps.

    If I may ask, how do you know the compromiser used a Python Script and how were they able to get those cookies and sessions?

  • Werner85
    Community Member

    @Norkz after the incident I immediately disconnected my LAN connection. Then I imaged my PC to a backup, and reinstalled Windows. After that I recovered the backup image in a Hyper-V VM (without internet access).

    I am a developer myself, and I suddenly noticed a "python" folder in my %temp% folder. I then also found a "Crypto" folder inside, with some weird looking files. One of the files had a very large encoded string inside.

    I decided to alter the code to make it show the decrypted code, instead of executing it. And there I noticed all the classes and methods. One for example was called something like "ExportFirefoxSessions". The script made ZIP files of all Firefox profiles, and then uploaded it to a Discord channel (which was non-existing when I checked) and it uploaded it to some "file" server (which I still need to check).

    So I altered the complete code again, to not delete all the files after uploading. And there I discovered a lot of ZIP files which contained my Firefox data, Steam data, Telegram data.
    And one session I always keep open is to my e-mail web app. In the Firefox export the "hacker" noticed I was using the 1Password extension, and that probably made him decide to delete my account.

    I am still hoping they did not get access to the data itself, but sadly 1Password Support cannot confirm or deny that.
    But the worst part was that I had to wait for a reply from Support the entire weekend. And all my data was gone, except on my Work laptop. The data remained there (except documents) because I disabled the WiFi before logging in. 1Password then goes into "offline" mode, but you can still access your logins.

    This whole situation made me realize that we really need a way to do periodic offline backups, since I don't want to experience this again.

  • Norkz
    Community Member
    edited May 7

    @Werner85

    Thank you for the info, that was very interesting and informative. This seems like the compromiser is an ill-intentioned person using tools without caring much about leaving traces of their actions. I do hope none of your data was taken by them, although just in case I do recommend for you to reset every single 2FA token and password if possible, even if you have a ton of items.

    Better to take action than to never know "if" your data was taken along the way, since I could presume you have Banking info in 1Password and then one day you notice your Bank accounts are compromised, which will be terrible.

    What I do is use my tool to back up every week to a certain folder, then have another automation detect the backup file, reset Bitwarden data and replace it with the backup file. Thus allowing myself to always have a fail-safe of my data if 1Password ever has issues, I have no Wifi, I lose access to my 1Password account for whatever reason, etc. Although I still use 1Password as my main Password Manager due to the features they have for developers and users alike that Bitwarden does not, like you have mentioned—the UI/UX.

  • xptezz
    Community Member
    edited May 12

    Great tool!! @Norkz
    Exactly what I need. Thank you!

    I also want to import data into Bitwarden. Can you tell me how you did it?

  • Norkz
    Community Member
    edited May 12

    @xptezz

    Thank you, it is great you find the tool useful.

    For importing data into Bitwarden I will make the code Open Source in a new repository and will notify you in here once it is done.

    It will be another "tool" that will detect if a .1pux file is in a certain folder, it will do nothing if it does not exist, else if it exists it will wipe the current Bitwarden data and import the .1pux data automatically. (I will make it compatible with the BackupOnePass tool).

    Would this new tool suit your purpose as well?

  • xptezz
    Community Member

    That would be awesome!! Thank you again!