Placing 1Password.agilekeychain under Subversion control

Ralph

<div class="IPBDescription">Can SVN metadata render keychain data invalid?</div>Hi there.



I am a 1Password newbie -- just one day of experience with this software so far -- and I have spent some time on trying to figure out the best sync strategy for me. In http://forum.agile.ws/index.php?/topic/1958-all-information-is-not-encrypted/page__view__findpost__p__13561 I have read that "We have even heard reports from a user who has done this with Subversion", which is exactly what I'd like to use. However, there were no details and I have not found an official statement regarding possible caveats placing 1Password.agilekeychain under SVN control.



Can the metadata added by Subversion (the .svn folders and their contents) have any negative effect on 1Password? Of course I could just go ahead and experiment, but I'd rather not find out that the data I painstakingly transferred semi-manually from my previous password storage tool gets garbled after a couple of days.



What are your thoughts?



-Ralph

khad

Welcome to the forums, Ralph!



I do not have any personal experience with this, so I will have to defer to other forum members and co-workers. I do not know that anyone on the team has ever tried this.



That said, once you backup your data in 1Password (File > Backup Data File), give it a go. (You can also just place a copy of your 1Password.agilekeychain in another folder.) With everything backed up, you've got nothing to lose. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />



Please let me know how it turns out! I'm very interested.

Ralph

Things are looking good so far. My test setup consists of Apache 2.2.17 with SVN 1.6.16 modules on a Linux server and a Subversion client 1.6.16 on Mac OS X 10.6.6. I've imported my existing 1Password.agilekeychain. The following client side settings were active at this time. I don't think these settings make much of a difference, but I thought it best to mention them for completeness's sake:



[code]

# ~/.subversion/config

[miscellany]

enable-auto-props = yes

[auto-props]

*.html = svn:eol-style=native;svn:mime-type=text/html

*.js = svn:eol-style=native;svn:mime-type=application/javascript

*.sh = svn:eol-style=native;svn:executable

[/code]

I used Password Safe on Windows and really liked it -- with the exception of the monolithic database files which are not well suited for version control. In contrast, the Agile Keychain structure goes well with Subversion. Distinct keychain items are stored in seperate files, which results in favourable, quick commit operations. Speaking of committing data: I have not yet tried this, but it might be quite easy to selectively prevent previews/thumbnails from being written to Subversion by using ignore patterns.



To keep local 1Password.agilekeychain directories and the SVN repository on the server side in sync, I use the following shell script, which I placed in the root of the keychain folder:



[code]

#!/bin/bash

#

# 1Password.agilekeychain/prepare-commit.sh

# This script was tested with Mac OS X 10.6.6 and Subversion 1.6.16.



tmp="$(mktemp /tmp/$(basename $0).XXXXXX)" || exit 1

trap "rm -f $tmp" EXIT



function svncmd() {

svn status | grep "^\\$1" | sed "s/^\\$1......./svn $2 /" >>$tmp

}



svncmd '?' 'add'

svncmd '!' 'del'

if [ -s $tmp ]; then

/bin/sh $tmp || exit 1

fi

[/code]

This script needs to be invoked before "svn commit". It parses the output of "svn status" and creates a temp file with the necessary "svn add" and "svn del" calls and then executes these commands. Without this script, items deleted by 1Password are considered missing by Subversion, and items created by 1Password would not be placed under SVN control.



<edit>

I forgot to mention: my SVN repository can be accessed via HTTPS, so I can open https://my.server.tld/mumble.agilekeychain/1Password.html in a web browser. Instant 1PasswordAnywhere support -- nice.

</edit>



Although it is still a long time until Christmas, I have a wish. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/wink.gif' class='bbc_emoticon' alt=';)' /> I would like to be able to invoke an external command from within the 1Password client. Then, I could call my pre-commit.sh script, followed by "svn commit", to sync my keychain with Subversion.



-Ralph

khad

Thanks so much for following up on this, Ralph. It's true what they say, "1Password has the strongest, most attractive, and all around better than average users." <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/laugh.gif' class='bbc_emoticon' alt=':lol:' />



One of the many design goals for the [url="http://help.agile.ws/1Password3/agile_keychain_design.html"]Agile Keychain Format[/url] was better, simpler synchronization. One way in which we have achieved this is through the use of a file [i]bundle[/i] with individual files internally rather than a single monolithic file as you mention.



That's a nice touch using a secure server for quick access to your data. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />



There may be some security considerations with invoking a script from within 1Password, but I will mention this to the team.



Thanks again!