AgileBits, the company behind the 1password password manager, published a spec for their “opvault” format to show how confident they are in its design. This eliminates the need to reverse-engineer the encryption when trying to read from such a vault on a system where they don’t provide their tool. In this talk we’ll see an overview of the design of the format, such as the key derivation or the decision to split the meta-data from the details such as username and passwords. At the same time, the talk will follow the implementation of a library to read this format in Rust, which started as a way to practice the language but now has grown a GUI to display these entries so I can use the vault on my desktop.