1 Item - Multiple Vaults?

Hi,

We currently use a vault for each of the teams within our business. Some of our accounts are used by multiple teams (e.g. MailChimp is used by marketing as well as product). Is there a way to have the same item in both their vaults, with both staying up-to-date?

Aka/eg - If I make a copy of the MailChimp login in the marketing vault we have, to the product vault - when marketing updates their password through 1PW, will this also update in the product vault?

Thanks!


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • BenBen AWS Team

    Team Member

    Hi @gaiacorno,

    1Password does not currently have any concept of “linked items” across vaults, whereby updates to an item in one vault would be reflected on an item in a different vault. In cases like this the best solution, currently, may be a third “marketing + product” vault in which to store items that are shared across teams. This is definitely an interesting idea though. I can see how having the ability for items to exist across vaults would be handy. I’ll certainly pass the suggestion along to the rest of the team. :)

    Ben

  • Ben,

    I would also like the feature of one item living in multiple vaults so that I only maintain one item and the changes are reflected across multiple vaults. The use case that I have right now is to share the credit card details for our company with some but not all people. The credit card lives in the "financial" vault, but it needs to be used in the "marketing" vault.

    Thank you!

  • LarsLars Junior Member

    Team Member

    Welcome to the forum, @jjdahl! I can't say what might be coming in the future but for now, there's no mechanism to do what you're asking for. You can certainly make copies of data and put multiple copies of items in multiple vaults...but we don't recommend this because those copies are independent of one another; they will not sync with one another. For the present, 1Password's shared syncing is vault-based: if you have a record (or more than one) that needs to be shared with certain people, and they need ongoing access to it including any changes (i.e., sync), then those items need to be put into a vault by themselves. Access to that vault can then be given to any subset of team members you wish (assuming you're an Administrator or Owner of the account).

  • I'd really like to see this feature, too.

  • LarsLars Junior Member

    Team Member

    @sponch - thanks for weighing in. :)

  • This seems to be the most important thing to focus on given that LastPass and Dashlane do this. I’m coming from LastPass and feel that this feature is a showstopper for completely leaving that system. This is the most common use case we have for using a service like this. So, please escalate this. I would think using a tag system across vaults to share would be ideal. But, at the very least, sharing individual or folders of paswords with multiple intersecting groups is what we are looking for.

  • brentybrenty

    Team Member

    @Bjdavis22: Tags do not offer security. Please see my reply here, and stop posting the same thing in multiple places, as that just slows down response times for everyone — including you. You can share vaults with groups of people.

  • @Bjdavis22 You're wrong anyway - you can't save sites to multiple folders in Lastpass https://lastpass.com/support.php?cmd=showfaq&id=4426

  • LarsLars Junior Member

    Team Member

    Welcome to the forum, @TheHooond! Thanks for the link. :) :+1:

  • Thanks @Lars. I’ve just moved over from Lastpass. Your integration with HIBP won me over.

  • LarsLars Junior Member

    Team Member

    @TheHooond - that came together very quickly. Troy announced it, and as soon as we saw it, we loved it -- and also realized that we could integrate it into Watchtower without too much difficulty. I'm glad you're a fan of HIBP and 1Password's integration of it -- welcome! :)

  • Seems like this request has been on the books for years. Would definitely make administration easier if an item could live in multiple vaults (and have good visibility as to what vaults its in)

  • LarsLars Junior Member

    Team Member

    @colinstuart - I can definitely see why it might make sense that one should just be able to "see" an item in multiple vaults, but because of the way 1Password is constructed, it just doesn't work that way. Each vault is a encrypted with a separate key, and although of course you can copy or even move items between vaults that you have access to, you can't (currently) have one single item that resides in one vault but can be "viewed" in another. So, while yes, this request has been "on the books for years," it hasn't gotten any likelier to happen due to the structure of the vault-based encryption in 1Password. Thanks for taking the time to share your wishes with us, however! :)

  • Thanks for the explanation

  • LarsLars Junior Member

    Team Member

    :) :+1:

  • I am in total agreement that not being able to share a single password in multiple vaults is a significant mark against 1Password. We are converting to 1Password from PassPack (due to the sunsetting of their v7 and our dissatisfaction with it and the fact that v8 isn't fully developed yet) and really like much of what 1Password has to offer, not least of which is that it is fairly intuitive. But this limitation is going to generate some real headaches for us. Please push for this.

  • LarsLars Junior Member

    Team Member

    Welcome to the forum, @natsand! Thanks for taking the time to share your use-case with us. To be clear, you can copy a single password into multiple vaults; it's just that there will then be multiple copies of it which do not directly sync with one another.

    1Password is a vault-based system; if multiple teams or individuals need access to a specific set of resources, you can create a new vault for those resources and give access to those specific individuals. If you prefer, you can also use Custom Groups in a 1Password Business account to achieve some of the same effect: make the appropriate people members of a Custom Group, and give that group access to specific vaults.

  • hesspaulhesspaul Junior Member

    Hi all!

    I would 2nd (fifth?) the idea of linked items.

    But a tip under the current structure. We've started to migrate away from the ideal "purpose" vaults and gravitate towards "exactly who is there" vaults because there always seems to be an exception or two that causes us to break the mold.

    So we might have a vault called "PH/Lars/natsand" and another called "Prod/PH/colinstuart" just to make it super clear for anyone placing information in the vault who they will be sharing it with.

              - Paul
    
  • LarsLars Junior Member

    Team Member

    @hesspaul - it's definitely something we'll continue to evaluate for the future. It's not at all that I can't see any reasonable use-case for it; I certainly can. But as I mentioned to natsand, 1password.com is a vault-based setup for now...and there's been quite a bit of work put in to get things the way they are now. What you're asking for would be a foundational change in all sorts of things, including keysets, etc. -- it's not a small thing. If there's enough of a swell of user-support for the idea, it will bubble up to higher on the priority list, just like anything else. It's just not something we can do quickly or easily under any circumstances -- and there are always other priorities as well. Sorry I can't give you anything more definitive than that. :)

  • bundtkatebundtkate

    Team Member

    :chuffed: :+1:

  • I'll add to those that would like to see this. Or maybe a workaround... track that i've copied something to another vault... if either change, offer to copy. I'm going to guess this would be clunky... but I'm willing to do it :)

  • ag_anaag_ana

    Team Member

    Thank you for sharing your feedback @linh_nguyen! And welcome to the forum :)

  • Up Vote. Helpful alternatives 1) Track password creation. If it was a copy, then where was it copied from. Offer to update the master or at least notify the admin that a copy was updated. 2) Use the duplicate items picker create a report - show accounts with same name or URL, show passwords and vault for the account or at least show if the passwords match.

  • LarsLars Junior Member

    Team Member

    @mmarshall - thanks for the feedback and suggestions! :)

  • Throwing our support behind this as well. We just ran into it as we had some legacy stuff in multiple vaults and one of them the person who was rotating the password didn't know it was somewhere else and people lost access for a bit.

  • brentybrenty

    Team Member

    @missbook: If you keep it in a shared vault everyone with access to it will always have the correct information even when you're "rotating" it. :)

    Create, share, and manage vaults in your team

  • I agree. This is a major weakness for 1Password. I don't see a suitable workaround either. Please push for this. <3

  • brentybrenty

    Team Member

    On the contrary, the weakness would be if security was not enforced by encryption. Which it is. Which is how you can securely share a vault with some, all, or none of your family/team members without others having the keys to decrypt the data inside it.

    I get that the goal is to share an item, but if you share that in a vault the result is exactly the same, and you still need to set it up to choose the person(s) to share it with. Sharing a vault has added the benefit of scaling, since there is no additional setup if you want to share more than one item with the same person(s), either right away or later on. With a shared vault, you only have to set that up once; with shared items, you would need to do it for each one individually.

    It's possible that in the future we'll come up with a user-friendly way of "sharing a single item" in the UI, but in order for it to be secure in the same way it would still just be a shared vault with only a single item inside it. You can do that now, of course. Some people just seem to prefer to share something called an "item" over a "vault", even though will always just be a matter of clicking a few buttons to do so. :)

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file