Saturday, October 18, 2008

1Password & Syncing

I've mentioned before that I love 1Password for password management on my Macs and iPhone. Until they added iPhone support I had a reliable password manager that kept all my Macs up to date, and my passwords were everywhere. When they added iPhone support they ran into a nasty bug with permissions which caused a lot of pain. Their solution was to move away from Apple's sync services and keychain approach to their own file format. In the process they lost the real ability to synchronize passwords between machines. Their recommended solution is to move your new 1Password keychain to a network drive shared between the machines, either a real network drive (same network) or a virtual one like iDisk, DropBox, etc. This "solution" leaves a lot to be desired. The shared storage approach either costs money (iDisk, which is also notoriously crappy) or is a freebie with the caveat that it could disappear at any moment (DropBox). While nobody really has sync working well, Apple's sync services are generally workable.

So the solution for me? There are a few options:

1) Give up on iPhone sync - no passwords on the road, and I can't remember generated stuff, so not an option
2) Give up on multiple computer sync - I have a computer I use for work and one for home, so not an option
3) Use one of their sync methods - iDisk stinks. Dropbox could work, but it can come and go, it's another application, I don't need to store my stuff online, the space is limited, etc.
4) Sync some other way.

So, I've mentioned before that I use rsync/ssh to keep things up to date on the files side, and now that apps like 1Password are recommending a similar approach, off we go again. Here's what's working for me with no new apps:

In my crontab file (crontab -e) I have (among other things :p):

# 1Password Sync
# <a port>, <remote host> and <email address> are placeholders to fill in with your own values.
30      12      *       *       1,2,3,4,5       export SSH_AUTH_SOCK=`echo /tmp/launch*/Listen*`; rsync -avS -e "ssh -p <a port> -i /Users/Rob/.ssh/ssh_key" /Users/Rob/Library/Application\ Support/1Password/1Password.agilekeychain/ <remote host>:"/Users/Rob/Library/Application\ Support/1Password/1Password.agilekeychain/" 2>&1 | mail -s "Backup: Sync 1Password from MacBookAir to Home Desktop" <email address>
40      12      *       *       1,2,3,4,5       export SSH_AUTH_SOCK=`echo /tmp/launch*/Listen*`; rsync -avS -e "ssh -p <a port> -i /Users/Rob/.ssh/ssh_key" <remote host>:"/Users/Rob/Library/Application\ Support/1Password/1Password.agilekeychain/" /Users/Rob/Library/Application\ Support/1Password/1Password.agilekeychain/ 2>&1 | mail -s "Backup: Sync 1Password from Home Desktop to MacBookAir" <email address>

This syncs first from my mobile machine, then back from my desktop. 

A few comments:

1) I don't use --delete, which may be an issue if I ever want to delete passwords, but that's not something I do often in this case. The shared drive approach solves this problem but has the other issues mentioned above.
2) The whole export/SOCK thing is so that the cron job can use the saved password for "/Users/Rob/.ssh/ssh_key" from my OS X keychain when it ssh's into the remote machine. As mentioned before, I use a not-well-known ssh port, and then no username/password, just an ssh key.
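
The crontab lines take SSH_AUTH_SOCK from a glob in /tmp, which is world-writable, so the match can be ambiguous or belong to another local user. The wrapper below is an added example, not part of the original setup, that only hands a socket to the command if the glob matches exactly one socket owned by the current user; the function names and the AGENT_BASE variable are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). AGENT_BASE is a hypothetical
# override used for testing; the crontab above globs under /tmp.
AGENT_BASE="${AGENT_BASE:-/tmp}"

# Print the one launchd ssh-agent socket under $1, or fail.
# /tmp is world-writable, so any local user can create launch*/Listen*;
# accept a path only if it is unambiguous and belongs to us.
pick_agent_sock() {
    base="$1"
    set -- "$base"/launch*/Listen*        # an unmatched glob stays literal
    if [ "$#" -ne 1 ]; then
        echo "agent socket: $# candidates under $base, refusing" >&2
        return 1
    fi
    dir="$(dirname "$1")"
    # The directory must be a real directory we own, not a symlink.
    if [ -L "$dir" ] || [ ! -d "$dir" ] || [ ! -O "$dir" ]; then
        echo "agent socket: $dir is not a directory we own" >&2
        return 1
    fi
    # The entry itself must be a socket we own.
    if [ ! -S "$1" ] || [ ! -O "$1" ]; then
        echo "agent socket: $1 is not a socket we own" >&2
        return 1
    fi
    printf '%s\n' "$1"
}

# Run a command (e.g. the rsync line from the crontab) with SSH_AUTH_SOCK
# set to the validated socket; do not run it at all if validation fails.
with_agent() {
    sock="$(pick_agent_sock "$AGENT_BASE")" || return 1
    SSH_AUTH_SOCK="$sock" "$@"
}
```

In the cron entry, sourcing this file and prefixing the rsync command with with_agent replaces the export of the raw glob result.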