Hacker News new | past | comments | ask | show | jobs | submit login

Where did you see that?

This comment just 4 months ago from 1Password says that exporting isn't possible: https://www.reddit.com/r/1Password/comments/18m4iph/comment/...

And I haven't seen any announcements in the opposite direction.

————

Edit: so I just checked and I can confirm that it's not possible to export passkeys from 1Password. Neither of the two available export options include passkeys.

> • 1PUX A 1Password Unencrypted Export (1pux) file will export all your data, except your passkeys. You'll need to create new passkeys with your next password manager

> • CSV (Export only certain fields) A comma-separated values file (.csv) will export only certain fields. It won't export data such as custom fields or file attachments.




Well then their enshitification just continues with their unending quest for burning every user-centric bridge they ever built. Goddamn

To answer your question, "bamboo menu, Copy Item JSON" which I believe is turned on due to my "Preferences, Advanced, Show debugging tools" being checked. I actually did try the $(op item get --format=json $its_uuid) first but figured there was some sekrit env var or --fields some_horseshit that I needed to dig up and it was more energy than I wanted to spend for a HN comment

So, OT1H, what I send was half true - they are available for export but only after some hoop jumping and seemingly not in the official export packaging, which I suppose almost guarantees they will not "round trip" back into a Vault in any kind of disaster recovery scenario

It seems those 1Password jokers just get great thrills out of ensuring that anytime I have something to praise them for they ensure they have some user hostile stupidity ready and waiting to drive people away


Wow I confirm that this option appears once I enable the developer options. Don't say it too loud though — I'm sure 1Password will remove it if they notice that it slipped past their view because of just dumping the JSON object.


I wrote the initial .opvault import into KeePassXC and briefly considered going after their local .com cache file (hidden in a very obtuse place, of course) since it seems to be using their same opdata01 <https://support.1password.com/cs/opvault-design/#opdata01> encoding, at least when last I looked, but then suspected that the audience who would have already paid for 1P but wanted to switch would use 1PUX. Seems maybe that does need more consideration

    $ cd ~/Library/Group Containers/2BUA8C4S2C.com.1password/Library/Application Support/1Password/Data
    $ sqlite3 -readonly 1password.sqlite
    sqlite> .tables
    account_objects   creation_drafts   item_overviews    ssh_pubkeys
    accounts          deleted_accounts  item_usage        users
    autofill          editing_drafts    kanon_autofill
    collection_map    feature_flags     objects
    config            item_details      search_weighting


This will be the straw, and now comes the “god how do I migrate off this shitshow” - enshittification pun intended. I nearly cancelled upon their choice to even add telemetry, then they made it possible to disable and off by default (though they still ask to turn it on).

The whole fucking point of a password manager, though, is to store and securely provide authn material while ensuring users can’t lose it… which necessarily includes ability to access it, and back it up.

It looks a LOT like passkeys and FIDO are, relatively effectively, backdooring what Google got beat to death for when they attempted to add “Web Environment Integrity” to browsers.

edit: But can I? I’m already questioning how hard it’s going to be, and if it’s feasible without a lotttt of hurt.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: