My other vault disappeared!

Mindplay
Mindplay
Community Member

I used to save my data on dropbox in a single vault and never had an issue before. But then I tried it and it was nice to have some separation. The problem surfaced because I wiped out my mac to install a fresh copy of OS X. Did it before and never experienced issues because my data was still there on dropbox. This time is different though. I installed 1Password and pointed it to my keychain on dropbox, but this time the second vault I made is not there anymore.

Can you please help?


1Password Version: 5.4
Extension Version: Not Provided
OS Version: OS X 10.11
Sync Type: Dropbox
Referrer: kb:contact-us, kb-search:vault, kb:move-vault

Comments

  • @Mindplay - if you had two vaults in Dropbox then reinstalling your Mac OS should not have affected that. Do you still see 2 .agilekeychain files in your Dropbox folder?

  • Mindplay
    Mindplay
    Community Member
    edited October 2015

    Nope, just one, and that's scary, because 1P holds very sensitive data. No-one can tell for sure but, as far as I can get, I had two different vaults till the last day of reinstallation and just one file in my dropbox. Fortunately I could find a copy of an old backup on time machine, which I recovered manually (backed up the latest, restored the old copy, exported all items from the second vault, then reloaded my latest backup, created a new vault and reimported all items). I found a copy stored in ~/Library/Container/com.agilebits.onepassword-osx/... However, the scary stuff is that the backup name shows 2 profiles, so how was this issue possible?

    Besides, as I could actually recover my passwords, I would like to tell that the whole system should be reviewed, as it's not clear how it works. You have a 1P package on dropbox holding your stuff, then you are presented an alternative way of storing your vaults in the preference pane, which can potentially mess everything up. For example, I tried intuitively to save my vaults in the same position from there, just to discover that both my vaults would be merged. Why do you offer the opportunity to do that? Of course it's obviously wrong and not the intended behaviour, but you are not presented any hints and everything runs just smoothly until you reach the point you realize you made a huge mistake.

    I think it shouldn't be like that, and you shouldn't be allowed to mess up with sensitive data.

  • Drew_AG
    Drew_AG
    1Password Alumni

    Hi @Mindplay,

    I'm sorry you had trouble with your secondary vault after doing a clean install of OS X! From your descriptions, I think I understand exactly what happened. Each vault has its own sync settings in 1Password. You used to have only one (Primary) vault, and you synced that vault with Dropbox. Then you created a secondary vault and moved some items there, but it sounds like you never enabled Dropbox sync for that vault (otherwise you would have had two different .agilekeychain files in Dropbox).

    If you open the main 1Password app and go to the menu for 1Password > Preferences, then choose the Sync tab, the left side of that window will list your vaults. If Dropbox sync is enabled for a vault, there will be a small Dropbox icon next to the vault name. Also, if you select a vault in that window, you'll be able to see its current sync settings - if Dropbox sync is enabled for that vault, it will show "Dropbox" in the drop-down list, as well as the file path to the .agilekeychain file in your Dropbox folder. As I mentioned above, each vault has its own sync settings, so if you want both vaults to sync with Dropbox, you'll need to set up Dropbox sync for each one.

    When 1Password makes a backup of your data, the backup file will contain all of your vaults. You said you found a backup file and used that to restore your data. However, it sounds like that backup file was from before you had moved your items to the secondary vault.

    You have a 1P package on dropbox holding your stuff, then you are presented an alternative way of storing your vaults in the preference pane, which can potentially mess everything up. For example, I tried intuitively to save my vaults in the same position from there, just to discover that both my vaults would be merged.

    I'm afraid I don't quite understand what you mean here. Are you describing what happened when you tried to enable Dropbox sync for your secondary vault?

    When you set up Dropbox sync for your Primary vault, it creates a file in Dropbox named 1Password.agilekeychain. If you create a secondary vault and sync it with Dropbox, it will create another file in Dropbox, using the name you chose for that vault (for example, if you named your secondary vault "Mindplay", it would create a file named "Mindplay.agilekeychain" in Dropbox).

    Now, you said you saw a message about merging vaults. That message is really just a warning, to make sure you chose the correct vault in Dropbox to sync with the corresponding vault in 1Password (i.e. the Primary vault should sync with 1Password.agilekeychain and the secondary vault should sync with [secondary vault name].agilekeychain). If you are syncing a secondary vault for the very first time, you'll want to select Dropbox in the sync preferences, then click the Choose button, then select the main Dropbox folder. Doing that should then show a Create New button, which will create a new .agilekeychain file.

    I hope that all makes sense! I'm not exactly sure how you have things set up right now, so I couldn't be too specific about what you might need to do (if anything). If you need more help, please let us know the sync settings for each vault in 1Password (including the file path to the .agilekeychain in Dropbox for each vault). Then if you need more help to get this all straightened out, we'll be happy to give you more specific steps. Thanks!

  • Mindplay
    Mindplay
    Community Member
    edited October 2015

    Hi Drew,
    thanks for your reply! Please find attached a picture of my current situation. Actually, creating a new vault doesn't create any additional file on my dropbox (assuming that by file you mean an agilekeychain package, not a file within that package). Does it mean my secondary vault is still not backed up on dropbox? That would be bad.

    Regarding merging, I think I understand what you mean, but not exactly crystal clear... If I choose to sync with dropbox, and it is 1P that actually creates my vaults, why should I still manually need this step? Which btw is a manual step and can (and did already) be a cause of mistakes.

    I started using 1P telling it to sync everything on Dropbox. I really did not expect I had to manually do these extra steps in the sync preference pane, and nothing asked me to do so.

    So all in all, I have the impression that something is safe on dropbox and something else is not, and I don't know which is which. And then, where's the rest? Additionally, because I do just have one single agilekeychain visible, I don't know how to assign stuff to the proper vault in the sync pane, and if I pick the same for both it will just merge and duplicate both vaults together. I really don't know what to do and how to double-check if my data is safe.

    Finally, I do understand that maybe it's my fault not being able to follow the correct procedure, but my point is that this procedure looks far from being ideal being prone to errors. And you don't want this to happen when you deal with the most sensitive data you have.

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Hello @Mindplay,

    Hopefully I can help clarify some of the aspects of 1Password, I will certain try anyway.

    The Agile Keychain format used to be how we stored the vault back in 1Password 3. 1Password would read and write to the Agile Keychain directly - it was the vault and 1Password 3 allowed you to work with just the one Agile Keychain.

    1Password 4/5 are radically different. One of those differences is your vault or vaults (multiple vaults being a thing now) are stored in an encrypted SQLite database file. They're still separate but they're all stored in a single database. When we create a backup (that is stored only locally) we're copying that entire database and placing that copy to one side. It's maybe not clear but when we refer to a number of profiles in the filename of a backup that's the number of vaults in this backup.

    So we retired the Agile Keychain from being the vault and instead repurposed it to act as the sync container, the container that allows multiple copies of 1Password to inform each other of all additions, deletions or modifications. The Agile Keychain still only references a single vault and that's actually useful as the original purpose of having multiple vaults wasn't how many of us them (myself included) where we use them as a logical divide e.g. personal and work. The original intent was a way of allowing you to share a particular set of items with others like family members without sharing your personal items. To do this we needed it so that each vault is synchronised independently of each other. Indeed some people will want to share a secondary vault over Dropbox but not want to sync their primary vault there at all and the current approach allows this.

    We didn't intend for syncing to be used as a backup because it lacks any ability to revert to a previous version unlike the backups we store locally. Of course there is what we intended and how many interpret or use a particular feature. As I said earlier, many of us saw multiple vaults and found it extremely useful as a logical divide in our ever expanding primary vault.

    Now to vault syncing in 1Password 5.

    If the goal is to have a copy of both vaults stored in Dropbox here is what I would recommend.

    1. I'm not entirely sure I know what that current 1Password.agilekeychain that you have in your screenshot represents. So I would suggest moving it from its current location to somewhere safe like your Desktop.
    2. Open 1Password's preferences and switch to the Sync tab. With your primary vault selected in the list on the left hand side change the menu option from None to Dropbox. When you are asked to choose a location select your Dropbox folder. The path that 1Password should say it will use will be ~/Dropbox/1Password/1Password.agilekeychain and the button should say Create New. If it does then you know the Agile Keychain 1Password is about to create will be a carbon copy of your primary vault - no merging happening.
    3. Next select your secondary vault from the list on the left hand side. Go through the same steps, again selecting the Dropbox folder and when you have chosen it you should find the path 1Password wants to use is something like ~/Dropbox/1Password/XXXXX.agilekeychain where the XXXXX will be the name of your secondary vault. Again, the button should say Create New.

    This should result in two Agile Keychains being stored in the same folder, one per vault. 1Password's behaviour is if you select the main Dropbox folder it will assume you want to store the vault's sync container in ~/Dropbox/1Password/ and it will use the name of the vault as 1Password knows it as the filename for the Agile Keychain. If that Agile Keychain already exists it will assume you wish to merge with that Agile Keychain. If you select a particular folder inside of Dropbox 1Password will use that exact folder. If you select an existing Agile Keychain 1Password will assume that you wish to merge the contents of the Agile Keychain with the vault that you're setting sync up for. Sometimes this is exactly what you mean but in this case it would have merged your primary and secondary vault and likely caused you massive headaches.

    So that's a fair amount to digest and you may very well have plenty of questions afterwards which we will do our best to answer one by one. Hopefully though this helps clarify things a bit better as the first step to how 1Password currently works. We'll await your thoughts and any further questions :smile:

  • Mindplay
    Mindplay
    Community Member

    Hi there!
    Thank you very much for the time you took to support me :)
    That agilekeychain is there since I use 1Password, and it served me well till this very issue. So I'm a bit confused as I really don't understand how I got so far being so wrong at backing up the wrong file. I followed the steps and to my surprise 1P was still able to retrieve everything. So I wonder where was my stuff really.

    Anyhow, I was able to follow (hopefully successfully) the whole procedure for both vaults, an now my dropbox folder is populated with 2 packages, as you describe. Now I suppose my passwords should live inside those two packages, correct? How can I double-check it?

    And then there' s iOS. I can't figure out the way it's working and syncing. I looked for the same sync tab in the preference pane and there is one. But to start, it lists only a Primary vault with a wrong number of items, and tapping on Sync additional Vault > Sync with Dropbox > Dropbox account, returns "Error Listing Keychains".

    I think I'm confused :/ can you please help?
    Thanks,
    Andrea

  • Mindplay
    Mindplay
    Community Member

    Ok ok, I tried to work around it a little and I think I finally managed to sync everything on both OSX and iOS (I stopped syncing with Dropbox, then used Wifi, then back to Dropbox. It duplicated everything and I had to remove duplicated manually).

    So I think it works everywhere now, and that's enough to make me happy :)

    However, it does look like there are a few chances for things to go wrong here, and maybe that's something to think about.
    Thank you very much for your kind support!
    a.

  • Drew_AG
    Drew_AG
    1Password Alumni

    Hi @Mindplay,

    I'm glad things are syncing/working correctly for you now with 1Password on your Mac and iOS device(s)! Sorry that you went through a bit of trouble to get to that point, though.

    I don't know for sure why you ended up with duplicates, although I suspect that had something to do with exporting all the items from a secondary vault and importing them to the Primary vault (which you had mentioned was one of the things you did when originally troubleshooting the issue). In that case, the items you imported into the Primary vault would have ended up with new UUIDs that no longer matched the copies of those items you had on your iOS device - or in other words, it caused 1Password to see the copies as separate items, even though they contained the same info. It's really nothing you need to worry about now that you have everything back in order, but I wanted to mention it in case you were curious.

    I was able to follow (hopefully successfully) the whole procedure for both vaults, an now my dropbox folder is populated with 2 packages, as you describe. Now I suppose my passwords should live inside those two packages, correct?

    Well, technically your 1Password data "lives" in an SQLite file on your Mac which is stored somewhere in your ~/Library/ folder. That's where 1Password for Mac stores your data even if you aren't using any of the sync options at all. When you enable Dropbox sync for a vault, 1Password copies the data from that vault into a .agilekeychain package that it puts in Dropbox. So I guess you could also say your 1Password data lives in the .agilekeychain packages in Dropbox, although that's really just a copy of the original data which is used for syncing purposes.

    The reason you have 2 .agilekeychain packages in Dropbox now is because you have 2 vaults in 1Password, and you have now enabled Dropbox sync for each one. Your Primary vault syncs with 1Password.agilekeychain, and your secondary vault syncs with [secondary vault name].agilekeychain. (Previously, only your Primary vault was syncing with Dropbox.)

    Anyway, I'm really sorry for all the confusion! Hopefully it all continues to work well for you from now on. But if you run into more problems or have any questions, we're here for you! :)

This discussion has been closed.