To protect your privacy: email us with billing or account questions instead of posting here.

How to merge a computer specific vault("primary") with my private one?

ckjaustin
ckjaustin
Community Member

Somehow I established a computer specific "primary vault" which is different than my private vault. I would like to merge them so they show up on other devices.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search: How to merge a computer specific vault("primary") with my private one?

Comments

  • dbetty
    dbetty
    1Password Alumni

    There isn't a specific merge command available, but what you can do is move or copy the items in your Primary vault to your Private vault. This'll effectively accomplish what you'd like to do with your items, and your items will be available on all of your other devices that you're signed into the same account on.

  • BobAllison
    BobAllison
    Community Member

    The big problem with this is once you share an item into another vault by copying it becomes a Totally different item and is not associated with the original in any way.
    If you change something in the original it will not change in the copy in the other vault.
    You have to remember or write down, what items are copied to other places and when you change one you have to go look for and change all the others.

  • @BobAllison

    What sort of use case do you have where you're maintaining multiple copies of an item across various vaults? Would it perhaps make more sense to create one vault with that item inside and share it with everyone who need access to it? That way there is only one copy of the item to maintain and edits are available to everyone.

    Ben

  • BobAllison
    BobAllison
    Community Member
    edited February 2019

    But isn't that why you have a 'copy' function to copy items to another vault?
    I have my primary vault with everything. Then I have one with things I want to share with my wife and another with things to share with the kids. If I update the bank or pharmacy password I have to remember to change it in my wife's vault and if I update the Netflix password I have to remember to update it in her's and in the kid's vault. And then there are some to share with only the kid's since my wife doesn't want to be bothered with the online game accounts and such. There is also a vault for some I want to share with my parents and siblings such as the genealogy site and a photo bank.
    That makes a primary and 3 others.
    Your scenario is if there are items to share with A and others to share with B. The reality is there are some to share with A, some with B, some with C, some with AB, some with BC, some with AC, some with ABC, and double that if there is a D.
    If I was to try to sort them into vaults with each item in only one vault then the possible combinations of people to share things with become as many as 4! or in the extreme up to 24 vaults.

    What there really needs to be to be are four functions. A move, a copy that makes two separate unlinked copies, a share that makes a linked slave copy that gets updated if the primary gets updated, and a full share that creates a two-way linked shared copy that gets updated if any copy gets updated.

  • AGAlumB
    AGAlumB
    1Password Alumni

    But isn't that why you have a 'copy' function to copy items to another vault?

    @BobAllison: Sure, if you want duplicates -- say in a backup/archive vault. But this discussion seems to be expressly about not wanting that. :)

    I have my primary vault with everything. Then I have one with things I want to share with my wife and another with things to share with the kids. If I update the bank or pharmacy password I have to remember to change it in my wife's vault and if I update the Netflix password I have to remember to update it in her's and in the kid's vault.

    Yep. That's why, while you can certainly continue doing that if you really want to, we generally recommend keeping the items only you need only in your personal vault, and then those you need to share only in the appropriate shared vault -- that way everyone has access to what they need, but there are no duplicate copies to manage.

    And then there are some to share with only the kid's since my wife doesn't want to be bothered with the online game accounts and such. There is also a vault for some I want to share with my parents and siblings such as the genealogy site and a photo bank.

    That makes a primary and 3 others. Your scenario is if there are items to share with A and others to share with B. The reality is there are some to share with A, some with B, some with C, some with AB, some with BC, some with AC, some with ABC, and double that if there is a D.

    Sounds like you just need to create an additional vault for stuff you share only with the kid(s).

    If I was to try to sort them into vaults with each item in only one vault then the possible combinations of people to share things with become as many as 4! or in the extreme up to 24 vaults.

    I'm not sure how we got to "24 vault"...but certainly some people have that many or more, especially in a business setting. It's the only way to ensure that you give access to the correct people, which is incredibly important in many scenarios. It really doesn't sound like you need that many vaults though, just a few. And setting them up is a one-time thing, whereas the alternative is updating a bunch of duplicate copies of items any time you make a change. I'll go with the former, but certainly it's your prerogative if you want to choose the latter approach. Just remember that you made that call the next time you're frustrated about having to update the same information in multiple places. ;)

    What there really needs to be to be are four functions. A move, a copy that makes two separate unlinked copies, a share that makes a linked slave copy that gets updated if the primary gets updated, and a full share that creates a two-way linked shared copy that gets updated if any copy gets updated.

    No. Not only is that even more confusing, valts are each encrypted separately, so it isn't technically feasible anyway. The only way for that to work would be if they weren't really encrypted separately, and then divisions between them would merely be security theater, as there would be no cryptographic division between the data.

  • BobAllison
    BobAllison
    Community Member
    edited February 2019

    Sure, if you want duplicates -- say in a backup/archive vault. But this discussion seems to be expressly about not wanting that. :)

    Exactly - I do not want duplicates - I want to share the one I have.
    1PWs way creates duplicates. - Makes copies instead of sharing.

    Yep. That's why, while you can certainly continue doing that if you really want to, we generally recommend keeping the items only you need only in your personal vault, and then those you need to share only in the appropriate shared vault -- that way everyone has access to what they need, but there are no duplicate copies to manage.

    Sounds like you just need to create an additional vault for stuff you share only with the kid(s).

    That is what I have - a vault for stuff I want to share only with the kids.
    Plus one for stuff to share with the wife, plus one to share with the family, plus one to share with the extended family.

    I'm not sure how we got to "24 vaults"...

    It is probability and statistics - perms and combs. 4! (4 factorial) is 24.
    I have 4 sets of people (wife, kids, family, extended family) to share things with so I currently have 4 vaults.
    There are things I want to share with the groups made of set A, set B, the group of set A&B, and the group of set A&C, etc.
    You say to put things in separate vaults one for each group that I want to share with. That would mean one vault for sharing with a group made of A, one for a group made of B, one for a group of A&B, etc.
    The way I am doing it requires 4 vaults and each set of people needs to have their one vault.
    The way you suggest would require a vault for each different group or combination of sets of people and each group would need to have multiple vaults - e.g. my wife would need: her vault, the one for her and kids, the one for her and family, ...

    It really doesn't sound like you need that many vaults though, just a few.

    Exactly, the way I am doing it requires just a few vaults, 4 for me.
    The way you suggest could require many more depending on how many combinations of people I have to share with. It requires that if I wanted only one copy of each item I could possibly in the extreme require up to 24 vaults.
    It I think you are not understanding my point and what I am suggesting.

    And setting them up is a one-time thing, whereas the alternative is updating a bunch of duplicate copies of items any time you make a change.

    Exactly - setting them up is a one-time thing. But because 1PW does not really share items, they force copies of them that are unlinked, they require that I either try to maintain separate copies across multiple vaults or I have a vault for each combination people I want to share with.
    That is the point - I am frustrated because of 1PW's method and I am saying that it ould be much easier to maintain and require fewer vaults if items were truly shared between vaults in addition to being able to share vaults.

    Just remember that you made that call the next time you're frustrated about having to update the same information in multiple places. ;)

    >
    I am not making the call. 1PW is forcing it on me to either just copy items and have more vaults or do this in order to truly share items with fewer vaults.

    What there really needs to be to be are four functions. A move, a copy that makes two separate unlinked copies, a share that makes a linked slave copy that gets updated if the primary gets updated, and a full share that creates a two-way linked shared copy that gets updated if any copy gets updated.

    No. Not only is that even more confusing, vaults are each encrypted separately, so it isn't technically feasible anyway. The only way for that to work would be if they weren't really encrypted separately, and then divisions between them would merely be security theater, as there would be no cryptographic division between the data.

    I understand that vaults are encrypted separately but technical feasibility is a matter of the way software is written and difficulty and time to do it. It may be a confusing and technical challenge to write, but it is not impossible and would be less confusing and less time consuming for end users. As a computer engineer, I take things like that as a challenge and not as a block to limit a product. It is better to but the time and effort in one time up front than to require each end user to spend the time and effort.

    It would not "merely be security theater." There could still be the same cryptographic division that there is now.
    A user that has a vault already knows the keys to de/encrypt each vault they have.

    Just tossing an idea out there, but ----
    Maybe there could be a module of code that runs maintaining shared items shared between vaults. On a machine, the user and also the software already knows the keys for all the vaults it has access to. When one is changed it would update all the others.
    Each other person picks the vaults up by having them synced from some common shared server location, Dropbox or 1PW's server. They then automatically get the vaults after an item is changed and the machine it was changed on updates either the one vault it is in or all the vaults if the item was shared between vaults.

    It could even be extended to a database concept.
    If 1PW engaged in a paradigm that includes maintaining vaults based on timestamps across a multitude of users rather than the current method of one user having and maintaining vaults and just distributing them to other users they want to share them with.
    Of Course - this would require a system of software locks to make sure only one person/machine is updating a vault at a time.
    Then if perchance some other users had multiple vaults with a common item the code module on that machine would maintain it across each of the vaults it is in for which the keys are known - and then sync it to the Dropbox or the 1PW Server.
    Then when other machines see a new timestamp on a vault it would pick it up - and if the item is shared between still other vaults it has the keys to it would update the other vaults too.

  • AGAlumB
    AGAlumB
    1Password Alumni

    Exactly - I do not want duplicates - I want to share the one I have.
    1PWs way creates duplicates. - Makes copies instead of sharing.

    If you have copies of the same item, those are, by definition, going to be 1:1 duplicates. Unless you edit one and not the other. Which seems to not be what you want. Hence my comments above.

  • BobAllison
    BobAllison
    Community Member

    I throw up my hands.
    You are not listening to what I am saying.
    You are reading what you want to hear.

  • analogist
    analogist
    Community Member
    edited February 2019

    @brenty: @BobAllison is partially right, you need more than 4, though it's 15 and not 24 (It's a bell number for 4, for all combinatorial sets ABCD: A, B, C, D, AB, AC, AD, ABC, ABD....).

    With large enough families that are not clearly demarcated like "children logins vs. parent logins", especially in non-nuclear family cultures, when siblings, roommates, in-laws, or extended family are in various combinatorials of family accounts, it can be easier to just copy the same item across a smaller number of vaults, rather than explode the number of vaults. I'd rather duplicate an item in "siblings" and "in-laws", rather than create another vault called "siblings and in-laws", especially since the vault names will be confusing to all involved parties when groups are combined (whose siblings & whose in-laws?)

    For example: my streaming video account(s) like Netflix are both shared across my immediate family, but also my physical house (roommates). I have pre-existing vaults for "immediate family" and "people I live with". It makes a lot more sense for Netflix to reside as a copy in both vaults, rather than make another vault called "immediate family + people I live with but low-security shared accounts only" just to contain Netflix and Hulu or something.

    @BobAllison: totally right, except that it's a combinatorial sum 4 + 4!/2!2! + 4!/3! + 4!/4! since the order of the elements doesn't matter, so it's smaller than the permutation.

  • analogist
    analogist
    Community Member
    edited February 2019

    @brenty Certainly, the architecture of the vault encryption wouldn't (and shouldn't) allow literally the same item to be truly "linked", since of course each vault is a truly independent binary blob, the only ownership link is the RSA pubkey in the keyset.

    But one could imagine a UI-based "linking behavior" where when examining an item with identical vault duplicates (using the same sort of matching as for duplicate passwords, but for all the rest of the fields), the UI informs you "item is also duplicated in vaults AB, BD, and ABD". When you go to edit such an item, you get offered checkboxes "do you also want to overwrite the detected duplicates in ▢AB ▢BD ▢ABD?"

    Of course, I imagine with all the spilled tears about full vault contents residing in memory, that this move will enrage... some members even more :p

  • Lars
    Lars
    1Password Alumni

    @analogist

    Of course, I imagine with all the spilled tears about full vault contents residing in memory, that this move will enrage... some members even more.

    Welcome to our world, LOL. 😆

    More seriously, though, it may be possible to do what you're asking in a way that doesn't expose the user to additional security risks...but I wouldn't necessarily bet on it, and without doing some serious exploratory work, I can't say for certain one way or the other. The question for us boils down to a number of things that have to be balanced: how many users want this feature? How many would make use of it even if they didn't specifically ask for it? How many would MISUSE it and/or get themselves into trouble? How much cognitive and behavioral load does this add to using 1Password (i.e. how much complexity does it add?) How much visual/UI clutter? Are there any security concerns? Do WE think it's a good idea? What other priorities are on our plate and how important are they/how many users do they affect? You get the idea. A change such as the one you're asking about would be neither quick nor simple to accomplish, and as such becomes a much harder lift because it requires we devote significant developer cycles to it and therefore (by definition) are not able to work on (either at all or not right away) multiple other things. That's not to say that something like this won't ever happen, just that it won't be happening today or tomorrow or even in the next update. I want to thank both you and @BobAllison for your thoughts on it, and taking the time to share your wishes and use-cases with us. :) Let us know if you have any additional questions or comments.

This discussion has been closed.