Storing credentials and confidential data in a secure location is important, and I have been happy with 1Password for years.
But having all this critical information stored in a single location is dangerous; losing access to my 1Password account would be quite annoying, forcing me to reinitialize passwords on dozens of websites and making me lose a lot of information.
Fortunately it is possible to export all data from 1Password. It does not seem to be doable directly from their web interface, but their command-line tool supports it.
You will need first to connect your account. For example for a personal account:
op account add --address my.1password.com --email YOUR_EMAIL_ADDRESS
Note that you will not stay signed-in, and will have to re-enter your password
eval $(op signin).
There is no command to directly export all entries, but it can be done with a small script. If you are not familiar with GPG, feel free to refer to my GnuPG introduction.
#!/bin/sh set -eu set -o pipefail # Configuration gpg_key_id="YOUR_GPG_KEY_ID" # Command line if [ $# -lt 1 ]; then echo "usage: $0 <output-file>" >&2 exit 1 fi output_file=$1 # Keep permissions tight umask 177 # Sign in to the 1Password account eval $(op signin) # Create a temporary file to store the list of item ids (this list does not # contain any confidential data). item_file=$(mktemp) trap "rm -f $item_file" EXIT # Export a list containing the identifier and vault identifier of each item op --format json item list | jq -r '. | .id + " " + .vault.id' >$item_file # Export all items, encrypt all data and store them in the output file while read item_id vault_id; do op --format json item get $item_id --vault $vault_id done < $item_file | gpg --encrypt --sign --recipient $gpg_key_id >|$output
The resulting file can then be stored anywhere, without any specific protection since it is encrypted.