Optimal encryption strategies for raw 1Password backups?

Hello, again!

I recently hit the 600 items mark in my 1Password vault. As a celebration, I backed up early. I usually backup every Sunday, but for the special occasion I decided it was worth the extra effort.

Unfortunately, my laptop got so hot I almost burned my house down in the process. Okay, slight exaggeration, but my point stands.

My question is this; does anyone have or know of an ideal way to backup particularly large vaults without burning down your house or waiting 30 years for the encryption to finish?

I know I could encrypt half my vault separately from the other half, but that takes time and is far more prone to error. I was hoping someone had a genius solution instead.

Many thanks,
Ross


1Password Version: 7.4.750
Extension Version: 1.18.0
OS Version: Windows 10 1903
Sync Type: Not Provided

Comments

  • MikeTMikeT Agile Samurai

    Team Member

    Hi @rbstrachan,

    Thanks for writing in.

    How are you backing up 1Password? 600 items is not that big, I have 10K and even there, it's only ~40MB.

    Note that your 1Password data is already encrypted at disk, you can just copy it to your encrypted drive instead of double-encrypting.

  • edited March 4

    Hello :)

    How are you backing up 1Password?

    I'm selecting all my entries, then right clicking and selecting, "Export". I then encrypt the text file that 1Password produces using a service called Encipher It which uses PGP encryption.

    Note that your 1Password data is already encrypted at disk, you can just copy it to your encrypted drive instead of double-encrypting.

    You're kidding? All this time I've been exporting a raw copy of my vault and then re-encrypting it. Where can I find this pre-encrypted file?

    My backup is about 300KB which is not large at all but it just takes an insane amount of time (and seemingly computing power) to encrypt.

  • lumarellumarel
    edited March 4

    If I'm allowed to, I would share my "backup strategy"

    As I have a standalone license, I'm getting compressed zip files of the used opvaults in the applicationfolder (I'm not sure how it is handled with the subscription-accounts)
    As this is just a temporary backup folder I copy these to a more save location on another system (NAS):
    This is done with a task scheduler, which runs every hour after the login, and the whole code which is needed is:
    robocopy "%LOCALAPPDATA%\1password\backups\1Password.opvault.backup" U:\1Password\automated_backup\1password /Z /W:5

    So there is a offsite folder which holds every backup from the beginning until now :+1:

    From my experience with two vaults (300 + 100 items) this job needs under a second :unamused:
    And as @MikeT already mentioned, this backups are already encrypted, so they don't really need another layer.

  • Thanks for the insight, @lumarel, very interesting indeed! Also, @MikeT, 10K entries!? :fearful: It seems I have a looong way to go :naughty:

  • You're welcome @rbstrachan !
    If you want to increase the filesize you would have to save a lot of attachments, the text fortunately doesn't use that much space :lol:

  • Sorry to bother you again, @lumarel. I just had a look at %localappdata%\1Password\backups and I found the backup file. If you can explain, what is an SQLITE file? I take it has something to do with SQL? Is this the file that is pre-encrypted?

    Thanks for your help :)

  • MikeTMikeT Agile Samurai

    Team Member

    @rbstrachan,

    Your 1Password database is stored here: %LOCALAPPDATA%\1Password\data. SQLite is the database format we use to store your encrypted data in. OPVault is the format we use for standalone vaults.

    All 1Password data files including backups are stored encrypted, we do not store anything in clear view.

    You can just copy the whole %LOCALAPPDATA%\1Password directory there to your backup drive, which includes app files as well in case you need to restore in the future where future 1Password version may not work with that database version.

    We do plan to add support for an offline archival format in the future, so that 1Password can also download all of the files stored in your 1Password account (if you're using it) to disk and back it up. Right now, attachments in Documents are online only until you save to disk when requested.

  • @MikeT

    Ah, great, thank you for clarifying. That is sooo much easier than what I've been doing.

    Many thanks for your help :)

  • MikeTMikeT Agile Samurai

    Team Member

    You're welcome!

  • lumarellumarel
    edited March 4

    No problem @rbstrachan :chuffed:
    Ah I suppose you mean the 1Password10_<DATE>_<VERSION>_<ITEMCOUNT>.sqlite file?
    @MikeT explained that in an earlier discussion here, this is the backup file, which got created as you upgraded from 7.3.x to 7.4.x
    This is just a full database backup (SQLite is a database engine which is used from lots of different applications to store their data, saw that a lot on Windows and Android up to now, I'm definitely not the right one to explain that as I'm not a programmer but their website describes it quite good https://sqlite.org/about.html) ), as he described in the mean time this is not one of these backups of a standalone vault.

    Ah and thanks for the info Mike, maybe I will switch to the subscription some time in the future, as I'm hearing about some more standalone-friendly features :chuffed:

  • MikeTMikeT Agile Samurai

    Team Member

    Correct, the 1Password10_data_backup_<date>_<version>_<itemcount>.sqlite are internal database backups we do when we update to newer 1Password version that has database structure changes. This includes both the 1Password membership and 1Password standalone vaults, not just subscription.

  • Off course, as this is the database, which is used by the application itself, there is no difference between the standalone vaults and subscription service :+1:
    And if I remember correctly this backup could only be used to get back to the previous application version, which wouldn't understand the current (migrated) database.

  • MikeTMikeT Agile Samurai

    Team Member

    @lumarel

    Off course, as this is the database, which is used by the application itself, there is no difference between the standalone vaults and subscription service

    Exactly, internally, there is no difference between them, they're all stored together, it's how we sync that diffs. For standalone, we export to OPVault format and for standalone, we send it via APIs to our service.

    And if I remember correctly this backup could only be used to get back to the previous application version, which wouldn't understand the current (migrated) database.

    Correct, that's the purpose of the backup, in the event someone needs to go back because of some unexpected and unforeseen issues in newer version.

    We're all about being safe than sorry and try to back up as much as we can before we do anything.

  • We're all about being safe than sorry and try to back up as much as we can before we do anything.

    Exactly because of that mentality I would always prefer 1P over other Password Managers, because I just know you (your team) always try for the best :chuffed:
    You should always have a backup on hand, so I really like the sentence 'No backup, no mercy' ^^

  • MikeTMikeT Agile Samurai

    Team Member

    I just know you (your team) always try for the best :chuffed:

    💗

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file