Level up your business security with free, on-demand training and certification. Explore 1Password Academy today →
Forum Discussion
Secret key visible on web page.
I understood that the Secret Key was set up on my local system and never travels to the 1Password on cloud database. So I was surprised to see that I can view it under "My Profile" in the 1Password. ...
elliotg22 Browsers have a small local storage facility, a small database where web apps can store complex and private session data beyond to what cookies do. Stuff the web server doesn't need to know. The secret key is queried and stored in this local storage when you login. It's not sent to the web server, the Javascript on the website is using that only locally.
Finally, what you see is the secret key pulled from the local store of your web browser by the website's Javascript. The web server is only serving the Javascript code, it doesn't run it. It does run locally in your browser.
