Does emptying the trash permanently remove deleted entries?

a1pmacuser
Community Member

Hi there,

I’ve been using 1Password for many years and am in the process of going through my logins to delete unnecessary ones. It occurred to me that I may be better off doing a “clean install” of the vault to remove any legacy cruft.
But I read in the forum that deleted entries are in fact kept in the database because of sync. Is that still the case (I use 1Password 6 on Mac and the latest iOS version synced via iCloud)? I did try an export as 1pif file and didn’t see any deleted entries.

So, if deleted entries are kept, how would I go about exporting just the current data, and creating a new 1Password vault with it?

Thanks


1Password Version: Mac 6 / iOS latest
Extension Version: Not Provided
OS Version: Mac
Sync Type: iCloud

Comments

  • littlebobbytables
    1Password Alumni

    Hi @a1pmacuser,

    It is correct that the encrypted SQLite database file used by 1Password does also store the Trash, as until a user decides to purge the Trash completely those items must be recoverable. Even after an item is purged from the Trash, if you synchronise between two or more devices we need a way for one client to say an item with this ID did exist but now it's deleted, so other clients know to delete it. Without such a mechanism one client might assume the item with a specific ID in its vault but not in the sync container is new and needs to be synchronised.

    Exporting would only export the alive items so that would be one way. That may be overkill though; if it were me I would say purge the Trash, then disable sync and delete the sync container when prompted. Then set up sync once more. It saves having to reset 1Password completely but either should work fine for what you're wanting if you feel you'd prefer the full reset after export.

  • a1pmacuser
    Community Member

    I appreciate your quick reply.

    So if I disable iCloud sync, and delete the sync data from iCloud (how exactly?), this will remove all the old deleted entries?

    Otherwise, do backups on Mac contain these deleted entries or just the current entries?

    Also, if I were to do the export and reimport of existing items, is there a way to do this securely, as I understand it’s a plain text export.

    Thanks

  • littlebobbytables
    1Password Alumni

    Hi @a1pmacuser,

    I would go with purge the Trash, disable sync at which point the 1Password prompt will offer a checkbox for deleting the sync data. That will ensure stuff isn't being pushed from one device to another.

    Backups are snapshots in time of the encrypted SQLite database file so they will contain anything from that point, including the Trash. I would offer caution before deleting backups because they are there to act as a safety net. If you're absolutely sure you could delete as many as you want. Once 1Password creates them though 1Password doesn't interact with them so they can't cause any harm.

    You're right that the export is a human-readable, plain text file so you would need to be cautious. Assuming you use FileVault if you export and the file only exists on your Mac for as long as you need it then the risk is minimised. You would want to ensure the file isn't hanging around the macOS's Trash though, you'd want to completely delete it once it has served its purpose.

    Does that help at all?

  • a1pmacuser
    Community Member

    Thanks again. That does help.

    By “purging” the trash, do you mean “emptying”?

    I don’t intend to delete the backups, but I was wondering whether by restoring one, I would effectively get a copy of the data without all the deleted entries.

    Is there an advantage of exporting/reimporting in plain text, or csv, or 1pif?

  • littlebobbytables
    1Password Alumni

    Hi @a1pmacuser,

    Sorry about that, yes when I said purge I do mean empty which is the more widespread term and likely well understood by Mac users at large.

    Restoring a backup would also restore the Trash as it was at the time of the snapshot, so it would allow a user to recover from emptying the Trash if such an action turned out to be something they needed to undo.

    As for exporting, I would only ever recommend exporting via 1PIF (1Password Interchange Format). That's a format designed to store all the data stored by a 1Password item in a way that allows for importing without any loss of context. The other formats are more for times where whatever you're wanting to import into doesn't understand the 1PIF format but might CSV, a much more generic format. With the likes of CSV the core parts will likely make it over but the items would undoubtedly need a bit of work to get everything squared away properly again.

  • a1pmacuser
    Community Member

    Thanks.

    So just to recap (so I’m sure I’ve understood right):

    A 1Password file keeps all deleted items (not just those in the trash, but even those that have been emptied from the trash).

    To start fresh, without having to carry all the deleted items going forward, I have 2 options:

    • Disable the iCloud sync, delete sync data, and then, the 1Password file will only have the current data, not the deleted data. From that point, I can reenable sync.
      Or

    • Export all current items into a 1PIF or CSV file which will only have current data, then reimport it.

    Is the above correct?
    As I’m more familiar with CSV files, does the CSV restore 2fa codes too?
    I also wonder, from a security point of view, whether deleted files should be kept in the file. I know that I would have expected work passwords from past jobs long ago I stored in my 1Password file to be permanently deleted once I deleted the entry in the 1Password trash.

  • a1pmacuser
    Community Member

    Can anyone answer?

    Looking into this, it seems like a lot of work. Maybe I’ll leave as it was. Can you let me know what data remains in the 1p file from deleted and emptied/purged items (especially logins and secure notes)?

  • littlebobbytables
    1Password Alumni

    Hi @a1pmacuser,

    Please don't use CSV; if you must export, trust the 1PIF format, and yes, any item that also has a TOTP field would carry those details over as it's just a field in the item that we treat in a special way. Exporting using the 1PIF format is an exact copy of the items including details such as password history, something each Login item has.

    Once you empty the Trash those items are gone from the encrypted SQLite database file that is your vault(s). The actions with the sync container are just to ensure everything is neat and tidy.

  • a1pmacuser
    Community Member

    Thanks for your reply. I appreciate the time you’re taking to answer.

    I’m a bit confused by your last paragraph: you say that items that have been deleted from the trash (trash emptied) are no longer in the database. But in your previous responses, it seemed like the deleted (trash emptied) items still remained in the database. Which of these is correct?

    I’ve looked on the forum and it seems like some years ago, deleted (trash emptied) items were kept around as something called tombstones. Is that no longer the case?

    Initially, I thought that 1Password never removed deleted files from the database, and as I have used it for years, and created/deleted many items along the way, I thought it would be best to start fresh. But now, if deleted (trash emptied) items are in fact permanently removed, I no longer would need to do this task. Can you please clarify?

    Looking forward to your reply. :)

  • littlebobbytables
    1Password Alumni

    Hi @a1pmacuser,

    Emptying the Trash means the items are gone and are no longer in the encrypted SQLite database file 1Password uses. Backups though are archived snapshots of that same database so restoring one would restore the database to that point in time, including anything that was in Trash at that point in time.

    Sync containers though are separate from the database. They're still encrypted, they have to be because it's the same data as in an individual copy of 1Password, but the sync containers need a way of communicating when an item used to exist in one copy of 1Password but has now been deleted. Those are what tombstones refer to. They will all be cleaned up if you delete the sync container though and create a fresh one.
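
The tombstone mechanism described in the replies above, as an added toy example (not part of the original thread, and not 1Password's code, schema or file format). The `sync`, `run_scenario` and `recreate_container` names and the dictionary layout are assumptions made for illustration; the model shows why an emptied item reappears when the sync container keeps no record of the deleted ID.

```python
# Toy model of ID-based sync between two devices and a shared sync container.
# Constructed for illustration; not 1Password's code, schema, or file format.

def sync(vault, container, emptied_ids=(), use_tombstones=True):
    """Merge one device's vault (id -> data) with the shared container."""
    # 1. Push deletions made on this device since the last sync.
    for item_id in emptied_ids:
        container["items"].pop(item_id, None)
        if use_tombstones:
            container["tombstones"].add(item_id)  # "this ID existed, now deleted"
    # 2. Apply deletions other devices recorded in the container.
    for item_id in container["tombstones"]:
        vault.pop(item_id, None)
    # 3. An ID present locally but absent from the container looks new: upload.
    for item_id, data in vault.items():
        container["items"].setdefault(item_id, data)
    # 4. Download anything the container has that this device lacks.
    for item_id, data in container["items"].items():
        vault.setdefault(item_id, data)

def run_scenario(use_tombstones):
    """Mac empties its Trash, then the phone syncs, then the Mac syncs again."""
    sample = {"stale-login": "constructed sample item"}
    mac, phone = dict(sample), dict(sample)
    container = {"items": dict(sample), "tombstones": set()}
    del mac["stale-login"]  # deleted and Trash emptied on the Mac
    sync(mac, container, ["stale-login"], use_tombstones)
    sync(phone, container, use_tombstones=use_tombstones)
    sync(mac, container, use_tombstones=use_tombstones)
    return mac, phone, container

def recreate_container(vault):
    """Model of deleting the sync container and setting up sync afresh."""
    return {"items": dict(vault), "tombstones": set()}

if __name__ == "__main__":
    mac, phone, _ = run_scenario(use_tombstones=False)
    print("without tombstones, Mac vault:", mac)  # the deleted item comes back
    mac, phone, container = run_scenario(use_tombstones=True)
    print("with tombstones, Mac vault:", mac, "tombstones:", container["tombstones"])
    print("fresh container:", recreate_container(mac))
```

In this model the tombstone holds only the deleted item's ID, and it lives in the container rather than in either device's vault, which is why recreating the container clears it.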

  • a1pmacuser
    Community Member
    edited July 2019

    Thanks littlebobbytables.

    So I think I now understand.

    Just to be clear:

    • The 1Password database file does not contain the deleted/tombstone entries/data. It just contains the active current entries.

    • Backups automatically stored on Mac are the same as the 1Password database file and would not contain the deleted/tombstone entries/data.

    • Data stored on iCloud/DropBox however would contain the deleted/tombstone data and purging this would remove the deleted/tombstone entries/data permanently.

    Can you confirm that all the above is correct?

    By the way, are the deleted files/tombstones in the sync data ever automatically permanently removed after a period of time?

  • littlebobbytables
    1Password Alumni

    Hi @a1pmacuser,

    That all sounds right. I would stress though that because backups span a long period of time, many will contain items that were later deleted. After all that's the point of the backup, a way to revert to a previous point in time.

    Tombstones should be deleted but I don't know the mechanism well enough as to when that happens and if it is reliable.

  • a1pmacuser
    Community Member

    Many thanks littlebobbytables.

    I’m just going to keep my current file then, as it contains none of the old tombstone data, then resync.

    About backups, I understand that old backups will have old data (of the date the backup created), but just to be sure: a backup created for example today in the 1Password app will only have inside what is currently in the database today, and not old deleted/tombstone data. Correct?

  • a1pmacuser
    Community Member

    I have a couple more questions, in addition to the one in my last message:

    • Is clearing iCloud data via the iOS app just as thorough as on the Mac?
    • I messed up my Mac backups so I used an iOS backup to restore to Mac via iTunes, which worked. I noticed that in the backup, in addition to the sql database, there are 4 blob2 files. What are these? Could they have any of the deleted/tombstone data in them or do backups only contain current data or should I delete them from my main backup file? (Which I guess is the same as my question in my previous message.)

    Sorry for all the questions. I just want to get this right.

  • littlebobbytables
    1Password Alumni

    Hi @a1pmacuser,

    Any method that deletes the 1Password data from iCloud, whether it's directly via 1Password or using the Apple interface, will be equally effective in that the data is gone. I personally find doing so from within 1Password for Mac the easiest because all you have to do is tick a checkbox when disabling sync and it's done. It's been quite some time since I played with disabling iCloud sync in iOS so I can't remember precisely what to expect. I'm sure it's similar though.

    I think the blob files represent attachments as storing them in a SQL database isn't optimal so I would not recommend deleting individual files from within the application support folder.

  • a1pmacuser
    Community Member
    edited July 2019

    Thank you. You’ve been really helpful @littlebobbytables :)

    I’m pleased that I can just keep my current file, without having to export/reimport to get rid of the old stuff.

  • AGAlumB
    1Password Alumni
    edited July 2019

    As are we all! No one wants to have to sift through a lot of data. Glad that lil bobby was able to help. Cheers! :chuffed:

This discussion has been closed.