I have installed the "1password-cli" package on my airgapped Linux machine with no network access ('op --version' gives me 2.30.3).
If I run 'op vault list', it tells me I have to add an account. When I run 'op account add' it tries to connect to 1Password's servers and won't let me proceed without internet.
I don't see how this "local client" is helping if all the auth infrastructure goes through their servers.
There might be alternatives that are better designed for that use case these days; pass and KeePassXC are popular ones, depending on the interface you want (pass is made for the CLI as the primary interface).
What does "You will get your vaults locally" mean?
Is it possible to export as a file, take that with you on whatever medium (e.g. USB key, CD-ROM, future isolinear chip), put it on a brand new PC you built from scratch and never connected to the internet, and open it in some kind of standalone viewer?
That’s how 1Password used to work. Not sure how much of that is still left in the system these days.
Originally it was an app with no remote component. The vault was yours to look after. Most people kept it in Dropbox to make it accessible anywhere. The vault itself actually had an HTML file in it that you could open in a pinch that was able to decrypt secrets (only for reading, from memory).
Actually, 1Password had local syncing where you synced the vaults between devices on a local connection (I think it was point to point WiFi, so your internet dropped off, Bluetooth was less common then). So it was bucket brigade syncing.
Dropbox came later and security minded folks were wary. Honestly, I trust 1Password sync more than an encrypted db on a general purpose cloud file sync, but maybe that’s naive.
After auth, it downloads a copy of your vaults to your device from their servers.
Super contrived, but you could probably just copy the SQLite dbs of your vault it creates locally to another PC along with the 1Password installer and it might let you sign in with just your master key.
The likelihood that someone would be able to do this in 50 years' time, without your company still around? Close to zero.
Passwords, even ssh keys and passkeys, are little pieces of plain text. If you think needing a specialised sdk or cli to retrieve plain text is a good software architecture, I think we see the world quite differently.
That's the exact reason it's open source, so it would still be possible to access your data in such an event.
We clearly see things differently but I think using computers to make our lives easier is worthwhile and storing/managing our secrets securely, effectively and conveniently is better managed by software than some ad-hoc setup.
Nitpick, passkeys are not text, they are binary blobs.
“1Password anywhere” (single HTML file password manager) stopped working a while ago. Maybe 6 years back. Sure, you can install a new client and use a stored folder, but compatibility lasting to your grandchildren’s time / 50 years etc. is highly unlikely.
Since I’m talking about reliable long term archival of critical encrypted data here, let me again ask: in your opinion, what is the likelihood that in 50 years' time, with 1Password long gone, my grandchildren would be able to run that local 1Password client and successfully decrypt the data?
Because I feel pretty confident that gpg will still be around (though hopefully long deprecated), that gzipped files would still be able to be opened, and everyone would still be able to open a CSV file. Without any specialised software, SDK or whatnot.
If this scenario doesn’t concern you, that’s fine, 20 years ago it wouldn’t have been my concern either. But the older I’ve become, the more I think about this stuff.
Close to zero. Archive is a different discipline. You need to have formats that are long lived and accessible over time. Paper is best, and it goes from there. Some electronic media archivists are fans of TIFF. It’s a field with controversy.
Pick the formats you're storing and handle security at the container. This might be an encrypted system that is copied and updated over decades or a physical storage safe or box.
It’s their No. 1 selling point.
> In 50 years time, who knows if any of these companies will be around
1Password has local clients. If you have the password, you should be able to unlock the vault locally.