Exporting Documents from Business/Teams

Hello, I was just trying to export data from our 1Password for Business site and discovered that Documents cannot be exported. We take routine offline backups as part of our Disaster Recovery strategy and it plucking these out files one-by-one by clicking the Document, Clicking "Download & View" and then "Show in Finder" is cumbersome when you have 100+ files. Can you provide a better way of exporting this data in bulk?

Comments

  • khadkhad Social Choreographer

    Team Member

    Hi @wavesound,

    Thanks for letting us know you’d like to see this. I agree that it’s an area we can improve. It’s on our list, but I can’t promise a specific time frame.

    If it helps, your data is backed up in your account which is offsite, so even if tragedy strikes in your area, your data will still be safe. I know that’s not what you were asking about, but I wanted to make sure to mention it for anyone else coming across our conversation.

  • Hi @khad, that’s good to hear. But it’s no good to your customers when they need their documents and your systems are offline. That data is held hostage until your systems are brought back online. Customers should be able to take a complete portable and accessible offline backup of their online accounts. Although probably unintentional, this does form some vendor lock-in for customers using your service.

  • khadkhad Social Choreographer

    Team Member

    @wavesound,

    It’s certainly not intentional, but you are correct. We are very motivated to make sure you have access to all your data at all times – even if we get abducted by aliens.

    The good news is that all your Documents are available offline in 1Password for Mac, which I presume you are using based on your mention of “Show in Finder”. They are cached locally, and decrypted on demand when you view them.

  • @khad,

    Thank you for getting back to me. I did see that. However, it looks they are only cached when the file is viewed. So if another team member adds files, I have to go view each one in order to "cache" them.

  • BenBen AWS Team

    Team Member
    edited February 1

    @wavesound I just tested on my Mac and all documents I have access to are automatically cached. I didn't have to view each one in order for them to be available. Could you please let me know if you are seeing something different?

    Ben

  • HI Ben,

    That's definitely not the behavior that I am seeing.

    I navigate to the following on my Mac and I only see one folder. Where should I look to see the folders?

    /private/var/folders/lg//T/com.agilebits.onepassword7/com.agilebits.Attachments.noindex/

    is a seemingly random string of letters and numbers.

    On a related note, this news article about VFEMail losing all of their subscriber's e-mail for the past 20 years was what reminded me to follow up (https://krebsonsecurity.com/2019/02/email-provider-vfemail-suffers-catastrophic-hack/).

    Can AgileBits elaborate on the safeguards and controls in place to ensure that a similar event does not occur with 1Password?

  • Forgot to add @khad or @Ben

  • ag_kevinag_kevin Junior Member

    Team Member
    edited February 13

    Hi @wavesound ,

    I'm Kevin, one of the developers of 1Password for Mac. I can comment on the availability of your documents.

    By default, all documents are downloaded, but not decrypted. If you are curious to see them, they are located here:

    ~/Library/Group Containers/2BUA8C4S2C.com.agilebits/Library/Application Support/1Password/b5DownloadedResources
    

    and arranged by a unique id for each account, vault, and item. These are encrypted blobs, they must be decrypted to a temporary file before they can be viewed.

    But rest assured, even if something catastrophic happened to 1Password's servers, you'll still be able to unlock 1Password and decrypt/view each document, even if offline. You can try it yourself by turning off WiFi and/or unplugging the ethernet cable.

    The folder you mentioned in your post is a location to view documents after they've been decrytped. Files in that folder are temporary, they're only there when you decrypt them, and when 1Password locks or relaunches, those files are removed. I'm sure you understand, we would not want to leave unencrypted files laying around your disk.

    But while you are unlocked, you can click on the document preview area and show that folder in the Finder. You can copy that file out to the desktop or another folder, rename it, and use it.

    What 1Password does not have, right now, is a way to export and decrypt all documents at once. If that is something you'd like to see, please let us know. And of course, that feature would be subject to the permissions granted to you by your 1Password team administrator.

    I hope that helps to alleviate your concerns. Please reply if you have further questions.

    Cheers,
    Kevin

  • wavesoundwavesound
    edited February 19

    Hi @ag_kevin ,

    Thank you for your comments. I agree that that all of my 1Password data should remain encrypted at rest on my computer.

    Being able to export files and items as easily as I used to with Standalone vaults is absolutely necessary for us and I think adding permissions for that process makes sense. We like the flexibility of 1Password.com but we need to ensure that our data is fully recoverable in an offline backup (at-rest) in an interchangeable format.

    We would also like the ability to test the viability of that those secure offline backups to both 1Password.com and to Standalone vaults to ensure that these critical items are fully recoverable in the event of a 1Password.com failure, Device loss/failure, crypto-locker attack, etc.

    Relying on 1Password.com as our exclusive backup mechanism is very convenient and a good first step, but data portability and secure offline storage is a must for us and the clients that we are training to use your product/service for protecting their personal information.

    In our environments, we typically keep these backups on IronKeys in data safes.

  • Absolutely agree that there needs to be a robust mechanism for automating the backup of all 1Password data - especially for business use.

    If the worst case scenario was to occur and some corruption caused data to be lost on both the 1Password servers and on all local clients - then this can potentially be a business-ending event.

    We absolutely need to guarantee the safety of our data - especially our password vaults. Having multiple independent (and secure!) copies of all data is a critical step in that process.

    I'm assuming that the comments here made about the Mac client don't necessarily apply to the Windows client when it comes to offline availability of documents?

  • brentybrenty

    Team Member
    edited March 1

    @SimonHampel: In the case of "some corruption caused data to be lost on both the 1Password servers and on all local clients", you'd still be able to revert the change using item history. But you're right that there's room for improvement as far as flexibility.

    I'm assuming that the comments here made about the Mac client don't necessarily apply to the Windows client when it comes to offline availability of documents?

    Sorry, can you clarify the question?

  • brentybrenty

    Team Member

    Being able to export files and items as easily as I used to with Standalone vaults is absolutely necessary for us and I think adding permissions for that process makes sense. We like the flexibility of 1Password.com but we need to ensure that our data is fully recoverable in an offline backup (at-rest) in an interchangeable format.

    @wavesound: Agreed. :) :+1: Thanks for your feedback!

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file