Folder sync: please clarify the instructions

beijau

After reading the user guide's instructions on folder syncing, I attempted the same process I use for other database applications that I need to sync between laptop and desktop: I pointed the path for my laptop's 1Password.agilekeychain package to my (afp-mounted) desktop computer's folder sync copy of 1Password.agilekeychain. Once I unmounted the desktop drive, the laptop 1Password app's diligent attempts to locate the desktop drive, triggering a Notification each time, made me give up on what might otherwise be a viable solution.

I gather from the number of forum threads on sync issues that this functionality is still evolving -- something that is reflected in the way you've documented it. There are several things that would have helped me to better understand what 1Password can and cannot do with syncing.

1. Explain how the application treats 1Password.agilekeychain, e.g. "After you make changes to a vault and the application has been idle for XX seconds, 1Password will attempt a folder sync...". I do understand that "local" folder means what it says, but you haven't made it clear that a remote folder won't work properly. Saying, "...we tell 1Password to sync the vault with a specific folder..." leaves this distinction ambiguous.

2. The docs seem to be downplaying the need for a third-party sync solution by saying very little about it. Presumably you don't want to scare off the Terminal-phobic by throwing in a few examples of how to rsync the .agilekeychain packages. I think @Megan is right, "Folder Sync is a tricky concept to get your head wrapped around at first...", but isn't that a good reason to provide more detailed explanations and use cases? There's great information in this response from @oversoul; please exhume it from the forum post and add it to your docs.

3. There's no explanation of why the docs refer to syncing 1Password.agilekeychain but say nothing about simply overwriting a newer copy from one folder sync location to another. I tried my best to take @Megan's suggestion, in the post linked above, to read about the .agilekeychain file structure. My best guess is that Folder Sync is designed to overwrite the individual data files within the .agilekeychain package without altering the parent folder structure. Unfortunately this doesn't make it straightforward to tell if data updates are syncing unless you get inside the package contents. Which brings me to...

A feature request: Please make it possible to select and force manual syncs. When dealing with an unfamiliar application/data, I like the certainty of knowing that a backup or sync has taken place at my instigation. You've done this with backups, which is great. If you could extend that to syncing, it would open up the possibility of pointing a Folder Sync at an .agilekeychain on a remote folder.

Thanks much,

Rob

v4.4.1 BETA-4 OS X 10.9.3

Megan

Hi Rob ( @beijau‌ )

I'm sorry that Folder Sync is confusing you. I'll see if I can clear things up a bit here.

Folder Sync essentially works the same way that Dropbox sync works: you select a folder on your drive, and 1Password will sync your data to that location. With Dropbox sync, 1Password will notify Dropbox when a change has been made, and Dropbox will initiate a sync to get that change to the cloud and your other devices.

The difference with Folder Sync is that instead of having Dropbox to do the syncing, you'll need to select your own third-party sync to do the heavy lifting. If you already have a home network set up with a shared drive that multiple computers can access at a time, you can use Folder Sync without a third-party service, but it is important to ensure that all computers and users have both read and write access to the shared folders, otherwise sync will not work. (That's is where the "tricky" part comes in.) This is why we generally recommend Folder Sync only for more advanced users: it does require some additional set-up.

Once I unmounted the desktop drive, the laptop 1Password app's diligent attempts to locate the desktop drive, triggering a Notification each time, made me give up on what might otherwise be a viable solution.

By selecting Folder Sync, you are telling 1Password that you want all of your data to be kept updated to a specific location. If that location is unavailable, 1Password cannot keep your data updated as you have requested. When 1Password is unable to update your data, you will receive a notification to warn you that it cannot perform the sync.

The docs seem to be downplaying the need for a third-party sync solution by saying very little about it.

We say little about individual third-party sync solutions because there are a multitude of options available to users, and each one behaves differently. We are not able to provide detailed instructions for all of the available options and we have not done enough research to recommend one or the other. We can ensure that 1Password saves your data to the folder location of your choice. How that data is then synced to your other devices is up to you. If the sync solution you have selected is giving you trouble though, we'd be happy to help!

There's no explanation of why the docs refer to syncing 1Password.agilekeychain but say nothing about simply overwriting a newer copy from one folder sync location to another.

I'm not quite sure I understand your question here. Folder Sync is designed to sync (not over-write), so it is not merely writing changes to the selected folder, but also watching for changes being written from elsewhere (either via the third-party sync or from another computer on the home network). If you would simply like to create a 1Password.agilekeychain file as a backup or to use with 1PasswordAnywhere, you can temporarily enable Folder Sync to create the 1Password.agilekeychain file in the desired location.

I hope this helps you to understand Folder Sync a little bit better, but we're here if you have any further questions!

beijau

Thanks for your reply, Megan.

If you already have a home network set up with a shared drive that multiple computers can access at a time, you can use Folder Sync without a third-party service, but it is important to ensure that all computers and users have both read and write access to the shared folders, otherwise sync will not work.

After finding @oversoul's forum post, I got that. It would help if that information were in the user guide.

We are not able to provide detailed instructions for all of the available options and we have not done enough research to recommend one or the other.

But you have provided the Folder Sync feature, which I think is very useful and was an important reason for me to license 1Password for my family. I am asking you to provide just one example of how users can sync multiple 1Password.agilekeychain files generated from Folder Sync. Not an exhaustive list, not a product endorsement (although you did call out Chronosync by name), just a basic here's-what-we-do-at-our-office example e.g. using the rsync utility present on every OS X Mac. That should be preferable to having users struggle to get the benefit of an important feature of 1Password.

I'm not quite sure I understand your question here. Folder Sync is designed to sync (not over-write)

Sorry, I am referring to synchronizing two 1Password.agilekeychain packages between two directory locations.

So far my experience is that when I treat 1Password.agilekeychain like a single file and overwrite copy A with copy B obtained from another installation of 1Password, I get an error Notification from 1Password when I start it up. I then need to re-set the Folder Sync preference to point at the overwritten 1Password.agilekeychain package. Finally I'm prompted to have 1Password merge 1Password.agilekeychain (copy B's) contents into its vault. It works but the "heavy lifting" comes on the 1Password side. That's why it would be helpful for me to have an example of how the process of synchronizing two 1Password.agilekeychain files generated from Folder Sync is supposed to work.

When I try to recursively synchronize the contents of 1Password.agilekeychain (rsync or Chronosync) I get textual garbage in some of the vault records after re-starting 1Password. Clearly I am doing something wrong. So overwriting 1Password.agilekeychain packages seems to be the only way I can synchronize my laptop and desktop 1Password copies. This doesn't seem right.

I would indeed appreciate your help with this (or any!) Folder Sync solution.

Thank you,

Rob

Megan

Hi Rob ( @beijau‌ )

I am asking you to provide just one example of how users can sync multiple 1Password.agilekeychain files generated from Folder Sync. Not an exhaustive list, not a product endorsement (although you did call out Chronosync by name), just a basic here's-what-we-do-at-our-office example e.g. using the rsync utility present on every OS X Mac.

Unfortunately, most of us here are using Dropbox sync, so the "here's what we use at the office" example isn't going to be too helpful for you. Instead of a general example, I'd be happy to help you get Folder Sync working for your specific situation. Please provide me with some details on your 1Password ecosystem:

• What are the version numbers of 1Password that you currently have installed on all computers and devices?
• What are the version numbers of your operating systems for all computers and devices currently running 1Password?
• How many vaults are you syncing and to which devices? (ex: are all vaults to be synced to all devices, or which vaults need to be synced to which devices?)
• What service would you like to use to keep these folders synced up?

beijau

Megan,

Thank you for offering to help me with a solution. I appreciate the effort that your team makes to help users.

My point remains: your company's application contains a sparsely documented feature (Folder Sync) that I am asking you to document more fully. As helpful as you are being, you're also failing to acknowledge my point. If I'm wrong please show me why.

What are the version numbers of 1Password that you currently have installed on all computers and devices?

1Password 4
Version 4.4.1.BETA-4 (441004)
Agile Beta

What are the version numbers of your operating systems for all computers and devices currently running 1Password?

OS X 10.9.3

How many vaults are you syncing and to which devices?

One vault. A desktop and a laptop.

What service would you like to use to keep these folders synced up?

rsync v3.0.9

Megan

Hi @beijau,

Thank you for your feedback on Folder Sync.

To sync a vault between your desktop and laptop using Folder Sync and rsync:

• Open Preferences > Sync on your desktop and Select Folder Sync
• Select the folder location you wish to store your data in
• Use the rsync Terminal command to sync this folder to your laptop
• Open Preferences > Sync on your laptop and select Folder Sync
• Select the folder that you have synced via rsync. If you already have data stored on your laptop, 1Password will ask if you would like to merge this vault with your existing data. Simply select 'Confirm' to continue.

This should get you all set up, but please let me know if you have any further questions!

marksmeritt

@beijau, if you've taken further steps, I'd love to get details about your experience/solutions, since I'm also interested in a sync solution that avoids third-party/cloud services and just stays on my own network. I also have a Mac laptop and desktop, both running 1P 4.4.1. Though I'm still on OS 10.8.5, I'm guessing most/all of what you'd come up with would apply to me, too. E.g.:

What details to use when running the rsync command?

Does this institute an ongoing sync that keeps the Mac's 1Passwords continually synched, or do you need to run the rsync command and/or take any other steps each time you'd want to update the sync between the computers, similar to the W-Fi sync between Mac and iOS devices?

Any other details/insights would be appreciated re: how to accomplish this as simply and effectively as possible. Thanks!

beijau

@marksmeritt,

In the end I opted for Chronosync. First off, I already own it. The reason I was asking for an alternative is that Chronosync licenses per install not per user, so it doesn't match our 1Password family pack.

Second reason is that Chronosync displays a consolidated list of diffs, making it easy to spot conflicts and choose the winner. That's a two-step process if you rely on rsync, or three steps if you first diff the contents of your 1Password.agilekeychain package.

Let me back up a bit. One thing I was trying to learn from Megan was which files in the 1Password.agilekeychain package structure I needed to sync. If you just rsync "the folder location you wish to store your data in", you are simply overwriting the target with the source. This wasn't working for me because I was not seeing changes flowing through to the target 1Password application.

Here's what I do now:

1. In 1Password -> Preferences -> Sync, select the folders to store both devices' 1Password.agilekeychain file as Megan describes above.
2. Use Chronosync to diff the *.1password files in Device_A/Sync_folder_A/1Password.agilekeychain/data/default/ with the files in Device_B/Sync_folder_B/1Password.agilekeychain/data/default/ on device B.
3. Set the following files to be ignored in both /1Password.agilekeychain/data/default folders: contents.js, encryptionKeys.js, and 1password.keys . As far as I can tell these are metadata files that don't need to or shouldn't be copied back and forth.
4. Resolve conflicts by hand and then sync the rest of the files.

You can mimic this process with rsync by first syncing A->B and then syncing B->A. However, this simply means the newest version of two files with the same name will remain after the syncs. If you care about potential conflicts, you can use the -v and --dry-run options to first show which files and going to be synced and identify any conflicts. PITA, and probably there is an easier way using Unix magic beyond my limited understanding. Also, I don't update passwords often enough to make further automating the process worthwhile.

There shouldn't be any functional difference between Mountain Lion and Mavericks per se, it's rsync that's doing the work.

Megan

Hi @beijau‌

Thanks for providing the details on your set-up. I've spoken with several of our tech gurus about your sync process.

I would like to caution you on leaving any part of the 1Password.agilekeychain file out of the sync process. The entire file bundle should be synced on a regular basis to ensure all aspects of it are up-to-date. While not every part of the file bundle changes when an item is updated, there are circumstances where these files may change, and it's best to ensure that the entire bundle is synced each time to avoid conflicts or other complications.

ref: DOCS-226

beijau

Thank you @Megan.

Jasper

On behalf of Megan, you're welcome. :)