Security and privacy

About the security of your 1Password desktop app settings

Learn how 1Password secures and verifies your settings.

When you use 1Password for Mac, 1Password for Windows, or 1Password for Linux, 1Password stores a file called settings.json on your computer that contains all the changes you’ve made to the app’s default settings.

To secure this file, 1Password uses cryptographic signatures to make sure that changes to sensitive settings are only trusted and used if they originate from within the 1Password desktop app. This means 1Password won’t load changes to sensitive settings that you or someone else make directly to the settings.json file.

Your settings file can be found in the following locations:

  • Mac: ~/Library/Group\ Containers/2BUA8C4S2C.com.1password/Library/Application\ Support/1Password/Data/settings/settings.json
  • Windows: %APPDATA%\1Password\settings\settings.json
  • Linux: ~/.config/1Password/settings/settings.json

If you reset the app or sign out of all your accounts in the app, your settings file will be deleted, and you’ll need to reconfigure your settings.

Security model

When you make a change to a sensitive setting from within the 1Password desktop app, 1Password cryptographically signs the setting in your settings.json file.

When you open the 1Password desktop app, 1Password verifies each setting’s signature and resets any unsigned sensitive settings to their default value. This protects you from any changes potentially made to the settings file by other software or people with administrative access to your computer.

You can adjust some non-sensitive settings directly in the settings.json file, like appearance and keyboard shortcut settings.

The cryptographic keys used to sign potentially sensitive settings are only available while the 1Password desktop app is unlocked.

Considerations for system administrators

If you’re a system administrator and you need to enforce certain 1Password settings for your team, create configuration profiles to manage 1Password settings from your mobile device management (MDM) server.

If your organization uses macOS but doesn’t use MDM, you can install configuration profiles with a tool like iMazing Profile Editor’s dedicated profile manifest for 1Password 8.

1Password doesn’t support direct generic configuration of settings.json files on users' machines. Only a subset of settings may be automated.

Learn more

Published: