Nicolas Martyanoff – Brain dump About

Exporting 1Password data for backup

Storing credentials and confidential data in a secure location is important, and I have been happy with 1Password for years.

But having all this critical information stored in a single location is dangerous; losing access to my 1Password account would be quite annoying, forcing me to reinitialize passwords on dozens of websites and making me lose a lot of information.

Fortunately it is possible to export all data from 1Password. It does not seem to be doable directly from their web interface, but their command-line tool supports it.

You will need first to connect your account. For example for a personal account:

op account add --address --email YOUR_EMAIL_ADDRESS

Note that you will not stay signed-in, and will have to re-enter your password later using: eval $(op signin).

There is no command to directly export all entries, but it can be done with a small script. If you are not familiar with GPG, feel free to refer to my GnuPG introduction.


set -eu
set -o pipefail

# Configuration

# Command line
if [ $# -lt 1 ]; then
    echo "usage: $0 <output-file>" >&2
    exit 1


# Keep permissions tight
umask 177

# Sign in to the 1Password account
eval $(op signin)

# Create a temporary file to store the list of item ids (this list does not
# contain any confidential data).
trap "rm -f $item_file" EXIT

# Export a list containing the identifier and vault identifier of each item
op --format json item list | jq -r '.[] | .id + " " +' >$item_file

# Export all items, encrypt all data and store them in the output file
while read item_id vault_id; do
    op --format json item get $item_id --vault $vault_id
done < $item_file | gpg --encrypt --sign --recipient $gpg_key_id >|$output

The resulting file can then be stored anywhere, without any specific protection since it is encrypted.

Share the word!

Liked my article? Follow me on Twitter or on Mastodon to see what I'm up to.