Convert back to agilekeychain for "anywhere" support

I managed to finally get my .agilekeychain back in to a virtual machine in Windows (off my Android device running 1Password Pro) to find out it's been automagically converted to some format that doesn't support 1Password Anywhere. I can now no longer access my password library the way I've been using it for years. How do I get my library back into .agilekeychain format and allow me to use 1Password anywhere again?

I don't want to hear from Brenty (his attitude sucks) and I don't want to hear how opvault is superior, because it's not if it dropped a feature I consider useful and important. I have a feeling I'm not going to get a useful reply and I'll have to move off 1password to something free and opensource that has less functionality but doesn't lock me into a bullshit subscription model while also storing my doubly-encrypted secrets in someone else's untrusted computing platform (again, I don't care how secure you think your remote storage is).


1Password Version: 4.6.2.625
Extension Version: Not Provided
OS Version: Windows 8 VM
Sync Type: Local

Comments

  • Hi @stgarf,

    Thanks for writing in.

    AgileKeychain is still the default format in 1Password 4 for Windows, it does not do any automatic conversion or anything like that. Can you give more specifics as to what happened there?

    Just to be clear, are you trying to access your 1Password data on a computer without any 1Password app installed and using a web browser?

    The data vault format you're using has nothing to do with 1PasswordAnywhere. 1PasswordAnywhere has been phased out a few years ago and no 1Password apps will create 1PasswordAnywhere HTML file, even if you create a new AgileKeychain vault. In fact, we were going to do a OPVault version of 1PasswordAnywhere. However, OPVault was not the reason 1PasswordAnywhere was killed; 1PasswordAnywhere simply was no longer feasible to use in most web browsers (they've added more restrictions that made 1PasswordAnywhere difficult to support) and it is no longer secure to use.

    1Password 7 for Windows is coming with full support for local vaults but it will only support OPVault format, AgileKeychain is an older format that is being phased out and will not be usable in future versions of 1Password.

    We rarely do this but part of making sure that your data is safe to use over time is to drop older features that makes it no longer secure and 1PasswordAnywhere was one of them.

  • stgarf
    stgarf
    Community Member
    edited September 2017

    Thanks @MikeT,

    So the flow was as follows. I have an old android running 1P Pro and on the internal storage existed a Steve.Agilekeychain file. At some point, 1Password on Android updated and my vault changed formats. I had my old vault in internal storage (and when I sync'd it off to my laptop to use it as usual I noticed that about 100 items were missing and some passwords that I had recently updated on the Android device were out of date... of course they were in 1P on Android but in the newer OPVault format and not in my .agilekeychain file any longer). I had to jump through a whole bunch of hoops to sync that to Dropbox temporarily for 1 minute and then re-sync that with the Windows VM to at least get all my vault items back and then delete the dropbox copy -- because gross).

    Now, on my Windows VM I've got a 1Password.opvault file and I can no longer access my passwords easily without starting an entire Virtual machine. As an example, this is how I typically access and use (read-only obviously) my .agilekeychain vault. How can I do this now?

    alias 1p='/Applications/Google\ Chrome\ Canary.app/Contents/MacOS/Google\ Chrome\ Canary --allow-file-access-from-files ~/Steve.agilekeychain/1Password.html'

    Also, I should mention (if it wasn't obvious from the above code snippet) that my primary OS is macOS. I use 1Password for Mac with my work-associated vault. I do not wish to add my personal vault to 1Password for Mac as I do not like that fact that the primary vault's master password opens secondary vaults as well. Also, I had some unexpected cross-pollination of vault items between primary and secondary vaults that I did not expect so I felt it better to completely disassociate the two vaults from each other. Maintaining two completely separate 1Password installations on macOS didn't seem possible (although if it is via the sandbox-exec command or something that might be an option if anyone has accomplished that -- I started attempting writing a basic .sb rule file for it but gave up after a bit (couldn't get some of the frameworks 1P was loading to whitelist properly I think)).

  • stgarf
    stgarf
    Community Member

    Thanks @MikeT Just wrote a nice long reply and then accidentally deleted it :chuffed: (can you see it? while I update this post as a draft...)

  • Hi @stgarf,

    I saw it originally but it got updated and I cannot see it anymore.

    When did this happen, do you remember? Do you have a backup of the original AgileKeychain file?

    I'll ask the Android team to update us here because I am not familiar enough to know what could've happened in the Android version of 1Password here. @peri @saad, do you guys know if 1Password for Android auto-converted AgileKeychain files to OPVault in an app update? Is there any way to export to AgileKeychain?

  • stgarf
    stgarf
    Community Member
    edited September 2017

    Correct, this probably happened a year ago? At least that's the last updated time-stamp on my .agilekeychain file. I do have my original agilekeychain and I have the newly created opvault that's got my updates sync'd to it.

    (I had to do a temporary export of my vault, import it into 1P for Windows, Install Drop Box, sync it to dropbox, delete my android app, re-sync it with drop box, then delete the data out of drop box. Whole process took about 1.5 minutes.)

  • stgarf
    stgarf
    Community Member
    edited September 2017

    Ultimately it would be ideal if I could run two standalone copies of 1Password for macOS. The reason I don't have both vaults on my macOS machine is because my main vault on my macOS machine is a work vault and I don't like the fact the the primary vault password unlocks secondary vaults as well. Further, when I was using them together I somehow cross-pollinated vault items between the two (and I know you can move them back and forth) but that was enough to convince me that they must be separated if I want any semblance of a work/personal life separation.

    My initial thought was to build an .sb rule file and sandbox-exec one copy of 1Password to use w/ my personal vault and then have my work vault in "normal" 1Password without a .sb sanbox rule (i.e. no sandboxing for one of them) file but that proved to be a bit tricky... (And I would love to know if anyone has successfully sandboxed 1Password and knows how I can get it working...)

  • Greg
    Greg
    1Password Alumni

    Hello @stgarf,

    Am I right to understand that you've managed to resolve the troubles with your vault format and the issue at hand now is running two different vaults/1Password apps on macOS?

  • stgarf
    stgarf
    Community Member
    edited September 2017

    The issue really isn't resolved though -- but yes @Greg . I don't really want to maintain a Windows VM just to have a separate vault. How can I continue to use the easy, convenient, and lightweight .agilekeychain. I'm totally willing to install an OLD! version of 1Password4 for Windows just to get out of this terrible mess AgileBits has wrought upon it's users. I've been happy customer for years and now with your cloud-subscription revenue boosting plan you've pissed off a lot of people.

  • wkleem
    wkleem
    Community Member

    @stgarf,

    If you are patient enough, 1Password 7 for Windows supporting local vault is coming but no ETA as yet so I am guessing it will be a long wait.

  • stgarf
    stgarf
    Community Member

    I can wait if it means data is in my control. :+1:

  • Greg
    Greg
    1Password Alumni

    Hello again @stgarf,

    I think there might be a misunderstanding happening: OPVault is a format of local vault and it has nothing to do with our 1Password.com subscription accounts. We introduced it in 2012 in order to replace the Agile Keychain format, which had been introduced in 2008.

    As far as I know, it is not possible to create separate vaults with different Master Passwords in 1Password for Mac (see this reply from Rudy in another thread), but you can try to create separate macOS accounts to separate your work and personal stuff. It will also keep your 1Password data separate.

    I will surely get back to you as soon as I have more information about the way you have been using 1Password with .agilekeychain and clarify if it is possible with .opvault. Thank you! :+1:

    Cheers,
    Greg

This discussion has been closed.