I recently migrated to a new Bitwarden account and then deleted my old Bitwarden account. During this process I didn’t realise attachments were not exported/imported and I have lost some attachments that cannot be recovered (careless I know). However… what I do have is a backup of my iPhone from before I deleted my Bitwarden account. I have restored to this backup and then extracted a copy of my Bitwarden App local data without opening the App (so it doesn’t have a chance to sync with Bitwarden servers). My hope is this data contains a copy of my encrypted vault for my deleted account.
For example, I have these Bitwarden app data files:
I still know my master password for the vault in question. Does anyone know if it is technically possible for me to access the data of the vault? I have contacted support but they are not very helpful other than to say you can’t get back data from a deleted account.
Attachments are not directly in your vault. They are stored in Microsoft blob storage. Here is what Bitwarden’s help document has to say:
Blob-stored data, specifically attachments and Send files, are not subject to PITR [point-in-time-recovery – e.g. rolling back a database] functionality and are irrecoverable once deleted from Bitwarden. [cite]
Don’t really understand what the support department could do beyond saying “sorry”.
Unfortunately, file attachments are not included in the local vault cache, so although it should be possible for you to view the old vault contents after restoring your backup, you will not be able to open any attachments that had been stored in your old vault.
Thanks for the response, I appreciate the info. So I could potentially see which attachments existed but not actually get their content? Attachments are never stored locally at all at any point basically?
Thanks. That’s clear. But I guess I could still verify which attachments existed and their file names.
If I did want to access this vault how technically challenging is it to do that? Even though the data is there and I have the master password, my understanding is that as soon as I open that App it will sync with Bitwarden servers and recognise that account is deleted and prevent me from accessing it.
Unfortunately that doesn’t quite work. The Bitwarden App knows something is out of sync and requests access to the internet and won’t let me open the vault. Probably because the iPhone backup only includes the App data not the App itself. I believe when I restore the iPhone it installs the latest version of the Bitwarden app and then merges in the backed up data. So probably the App can see its version or some installation ID doesn’t match and wants to sync.
Hmmm… might be some limitation specific to mobile apps, or some issue specific to your situation. On browser extensions and Desktop apps, you can definitely open the app in offline mode when there is no internet connection.
If the backup is older, there may be an incompatibility between the format of the local data cache and what is expected by the newer version of the app. You might try downgrading the app to a version that is contemporaneous with the time that the backup was made.
Regardless, it may in principle be possible to decrypt the data that is contained in the database files. See if they can be opened in some kind of SQL app, and if so what kind of data is contained in the files. You will need to find the protected user key to begin.
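As an added example (not part of the original thread and not Bitwarden's own code), this sketch parses a protected user key in the type 2 EncString form and checks its MAC against a master password, which confirms the password, email and KDF settings before any decryption is attempted. It assumes the account used PBKDF2-SHA256 rather than Argon2id; the password, email, iteration count and key below are constructed sample values, and `password_matches` and `make_sample` are hypothetical helper names.

```python
import base64, hashlib, hmac

def derive_master_key(password: str, email: str, iterations: int) -> bytes:
    # PBKDF2-SHA256 over the master password, salted with the normalised email.
    salt = email.strip().lower().encode()
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)

def hkdf_expand(prk: bytes, info: bytes, length: int = 32) -> bytes:
    # HKDF-Expand (RFC 5869) with SHA-256; the master key is used directly as PRK.
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]

def parse_encstring(value: str):
    # Type 2 = AES-256-CBC + HMAC-SHA256, serialised as "2.<iv>|<ciphertext>|<mac>".
    enc_type, _, body = value.strip().partition(".")
    parts = body.split("|")
    if enc_type != "2" or len(parts) != 3:
        raise ValueError("not a type 2 EncString")
    iv, ct, mac = (base64.b64decode(p, validate=True) for p in parts)
    if len(iv) != 16 or len(mac) != 32 or len(ct) % 16:
        raise ValueError("unexpected field length")
    return iv, ct, mac

def password_matches(password, email, iterations, protected_key) -> bool:
    # The MAC covers iv || ciphertext, so a match proves the password, email and
    # iteration count are right before any decryption is attempted.
    iv, ct, mac = parse_encstring(protected_key)
    mac_key = hkdf_expand(derive_master_key(password, email, iterations), b"mac")
    expected = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    return hmac.compare_digest(expected, mac)

def make_sample(password: str, email: str, iterations: int) -> str:
    # Constructed stand-in for a real protected user key: filler bytes for the IV
    # and the 80-byte ciphertext (64-byte key + CBC padding), with a genuine MAC.
    iv, ct = bytes(range(16)), bytes(range(80))
    mac_key = hkdf_expand(derive_master_key(password, email, iterations), b"mac")
    mac = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    return "2." + "|".join(base64.b64encode(x).decode() for x in (iv, ct, mac))

if __name__ == "__main__":
    sample = make_sample("correct horse battery", "User@Example.com", 1000)
    print(password_matches("correct horse battery", "user@example.com", 1000, sample))
    print(password_matches("wrong password", "user@example.com", 1000, sample))
```

Once the MAC verifies, the same stretched key material (with `b"enc"` as the HKDF info) is what decrypts the ciphertext with AES-256-CBC, which needs a library outside the Python standard library.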
You can still restore cached data after the session is expired, but you must disconnect the device from the internet before launching the client (or else the cache will be purged as the client deauthorizes the session).
Even if the session is not expired yet, vault synchronization will overwrite the restored data with whatever is in the cloud database (unless the device is kept disconnected from the internet while Bitwarden is running).
Thanks for clarifying. That is good to know. The Bitwarden docs imply like the opposite (“Offline vault sessions will expire…”) by my reading. My guess is that “expire” refers to the server-side session information, as opposed to a “don’t eat after…” client-side check.
I think this only means that you have to log back in if you go “online” again after the expiration. So if you have a logged-in session and are accessing your vault by unlocking/locking, then you will no longer be able to do so if your session has been off-line for longer than 30 days (90 days for mobile apps) and then re-connect to the internet.