WLAN Server with multiple Macs, Folder sync options

Hi @webfrasse,

I'm glad to hear you found a solution that works for you!

For anyone else who might be reading this, I wanted to reiterate a few notes about the Folder sync option from our support site:

Notes:

• We can’t provide support for any third-party sync solutions.
• 1Password can’t sync to a folder on iOS or Android, but you can use the WLAN server.
• Only sync to a folder on a local or removable drive, like an external hard drive or USB flash drive. Syncing to a folder on a network volume, like a Time Capsule or other NAS, may cause problems if the device goes offline.

If you have questions about that, please let us know - we're always happy to help! :)

@webfrasse: That's fascinating. Given the lengths you've gone to to setup this Rube Goldberg (Syncing) Machine, I'd probably get away with assuming you're equally fastidious when it comes to backups. But you know what they say about "assuming": it results in data loss. So if you or anyone else reading this isn't backing up your data, please do so — especially a single link in the chain breaking may cause things to stop working as expected, with unexpected results. :blush:

@webfrasse: Sorry about that! I didn't mean to confuse you, but I guess I did get a little bit carried away with my followup. What I mean is that you should backup your data since it could get hosed if something goes wrong with the sync setup you've devised, since there are so many moving parts. Better safe than sorry. Cheers! :)

Hi @webfrasse,

I'm very sorry if you were offended by his messages! I promise you that wasn't his intent. Obviously (and as Brenty implied), you're very technically inclined, to say the least. But not everyone who might read this discussion is. Your current sync setup is one that we don't support - it works well for you of course, and even if something goes wrong, you're probably capable of solving the problem on your own, even restoring data from a backup if necessary. But these are public forums which means anyone can read them, including customers who don't understand all of this nearly as well as you do. Our warnings & reminders are really for their benefit - we don't recommend they try an advanced & unsupported sync setup like this, but if they do, we want them to take precautions in case anything goes wrong.

I apologize for any misunderstanding about that! Please let us know if you need anything else, and enjoy the rest of your week. :)

Hi @webfrasse,

Good questions! The basic functionality of the Folder sync option (i.e. syncing a vault to a .opvault or .agilekeychain file stored locally on the Mac) is of course supported on its own, and that's essentially the same way it works when syncing with Dropbox - 1Password syncs to the local Dropbox folder on the Mac. When using Dropbox, the Dropbox app syncs the .opvault or .agilekeychain file between the Mac and the Dropbox servers, and with other devices. With the Folder sync option, something else is used to do that. (I know you already know this stuff, but I'm just laying the groundwork for the rest of my answer. ;) )

So, one of the main problems that can happen involves conflict resolution. A .opvault or .agilekeychain sync "file" is really a bundle containing many smaller files, and when you make changes to 1Password on one device, it updates certain files within that bundle. If a conflict happens during a sync and Dropbox (for example) is unable to tell which copy of an item has newer changes, it will create conflict files within the .opvault or .agilekeychain. 1Password is programmed to understand how Dropbox names those files so it can handle them properly (the conflicting data is saved in conflict fields in the item to make sure no data is lost). But other sync services might work differently and name conflict files in a way that 1Password doesn't understand, which can cause sync issues and lost data.

Many customers who don't use a cloud sync service with Folder sync will instead configure it to point directly to a network drive. One of the main problems with that setup is that 1Password has trouble if that network drive is unavailable, or if it encounters latency or other network issues when trying to sync there. 1Password has gotten better with that, but there are still cases where it tries to read the sync file on the (unavailable) network drive and just hangs for a long time before macOS tells 1Password that it failed to read the file. (On the other hand, pointing Folder sync directly to something like a USB drive is ok because there's an Apple API that notifies 1Password when a USB drive is connected and when it isn't, so 1Password can easily determine when to sync and when not to sync with that USB drive.)

Now, I don't think the examples I described above necessarily apply to your current setup, but I just wanted to give a couple good examples of why we can't support all possible configurations with Folder sync. Basically, there are too many other factors which we have no control over, or which are simply unsupported in the 1Password app. It's possible you won't run into problems with the way you're currently syncing, but I don't know that for sure because we probably haven't tested that specific setup.

I hope that helps to answer your questions, but please let us know if you have more! :)

Hi @webfrasse,

Sorry if I wasn't clear about that! I tried to address that towards the end of my message but you were probably hoping for something more specific:

It's possible you won't run into problems with the way you're currently syncing, but I don't know that for sure because we probably haven't tested that specific setup.

The examples I gave yesterday (conflict resolution/handling, network drive availability) don't seem to apply to your specific sync setup. I was just trying to give a broader understanding of why we can't support third party sync solutions, or sync configurations that we haven't tested and have no control over.

It sounds like you want me to tell you that your current sync setup will work and continue to work correctly, and/or that it's a "supported" setup, but I can't do that because it's not a setup that we support. But just to be clear, being an "unsupported" sync setup doesn't necessarily mean it won't work - it just means we don't know for sure. 1Password wasn't designed with that particular configuration in mind, and it involves several moving parts outside of 1Password that must all work as expected. We have no control over those moving parts, and we don't know what will happen if something goes wrong with one of them.

To be fair, I can't think of anything specific about the setup you've described that would cause problems. It sounds like it should work for you - and I truly hope it does! I just wanted to be clear that we've never tested that configuration and can't make any guarantees.

Hopefully this helps, even if it's not as specific an answer as you may have been hoping for. Have a great weekend! :)

@webfrasse: That's a good question. 1Password for iOS doesn't have any warnings for syncing with multiple computers because, as with Immortals, "There can be only one": it can only sync with a single server, and there just isn't an option to setup a second. When you "disable" sync with the WLAN Server, you're really disabling it. 1Password throws out everything it knows about the sync state with the old server, and then if you set it up again, it's brand new as far as 1Password is concerned. That's where it can become a problem, because there's no history of prior sync sessions at that point, so you can get conflicts. And we don't want to maintain a history in that case either, since that could have equally undesirable results because the user has intentionally disabled sync to setup a new connection.

Also, I think Drew's comments about using different tools to sync/copy a 1Password vault could be summarized by saying that not everything handles HFS+ metadata and bundles like this well. You probably have experience with that already, but I'd hate for anyone to stumble across this thread and take it for granted that this could work with just anything, given that our 1Password vaults contain some of our most important data. It sounds like yo've got it well in hand though. :)

My sync method isn't at any point touching the vault files. It's hidden inside the unmounted disk image which is just a single file being synchronized. If it gets corrupted it can't be opened. Built in protection. The sync methods I use saves copies before replacing the dmg file with a new version.

@webfrasse: That sounds beautiful. :love:

HFS+ is the file system used for all storage for 1P, be it iCloud, Dropbox or Folder Sync so I don't understand that comment.

Ah, sorry. While Dropbox uses the local filesystem (HFS+ on most Macs) on each device, it's using a more traditional database structure on the server side. iCloud sync doesn't use the filesystem at all though, just direct database calls to the CloudKit API. I'm not sure that matters now given the description of your setup, but it's fun to compare and contrast different methods. :)

Indeed, and I love it when a (backup plan) comes together! :sunglasses:

@webfrasse: Oh, no kidding! The first iteration of iCloud was pretty rough. Fortunately the new CloudKit API (introduced with iCloud Drive) that we've been using since iOS and Yosemite in 2014 has been a lot better.

Anyway, from a developer standpoint, CloudKit works the same regardless of the connection status. We're just making the API calls and the OS handles the rest, queueing the data to be sent as soon as there's internet access (or waiting until there's free bandwidth). As far as the specifics of how this works under the hood with regard to caching, you'd have ask Apple. But everything that 1Password "transmits" (I use quotation marks because it's transparent to us when) is encrypted first regardless of the sync method. iCloud can seem a little awkward because of how little insight we have into it, but the plus side is that we don't have to change anything as Apple improves things on their side over time. Cheers! :)

@resnick: It's really an unsupported "do at your own risk" sort of thing. Certainly it's possible, but it's not something we recommend since it could result in data corruption or conflicts. And whether or not you try it, it never hurts to backup your data. Cheers! :)

Indeed it would be a nifty feature, but there are a lot of dependencies when it comes to WLAN. The way the network is set up is a huge one, and that's not something we can control. When it comes to an internet connection, that's more straightforward: You can sync your data if you're online, and you can't if you aren't. WLAN is really tough to troubleshoot, and making it more accessible just isn't something we're looking to do right now because for most people, a 1Password.com account or third-party sync service work great.

If you do want to keep your data offline and still sync computers, you could use folder sync with a LAN server. Troubleshooting this can be tough as well, but it does tend to work well for most people I've talked with. You may find it a great solution for you as well. :)

@resnick: Correct. macOS doesn't notify us when a network share goes offline, only a local drive. That's why we advise against doing that:

Only sync to a folder on a local or removable drive, like an external hard drive or USB flash drive. Syncing to a folder on a network volume, like a Time Capsule or other NAS, may cause problems if the device goes offline.

So 1Password only finds out that it isn't available when it tries to read or write data. We're not going to stop 1Password from trying to read and write your data as you use the app, as that would automatically result in data loss. A better option would be to use folder sync with a local folder on each Mac and using something like ChronoSync to keep them up to date with each other. But we only support syncing with the local folder (no different from Dropbox) and don't have plans to formally support every configuration that intrepid DIYers come up with.