Allow Attachments to be exported when using Export Data

Attachments should be included when exporting data from Bitwarden. I’d like to use Bitwarden to store my SSH Keys, and I like to keep regular backups of my data for peace of mind. It is crucial that my SSH Keys can be exported, encrypted, and stored offsite as a backup.

@kspearrin Is there a chance that this is something that could be added in the near future?

EDIT: Wow, looks like someone else had a similar concern. Maybe these could be merged into one?

https://community.bitwarden.com/t/implement-ssh-agent-protocol

Our current exports are simple CSV files. I am not sure how we could also include your attachments with something like that.

What if you BASE64 encode the attachments and include them as part of the CSV data?

4 Likes

This is for me a very important one, before deciding to host all my details with or in bitwarden.
I need to be sure that I am not vendor locked in. Especially with this important data.
I need a way out, for when bitwarden stops or …

Exporting to csv, and then importing loses a lot of the important data and structure which for me is more or less like being locked in.

I would propose to have an keepass xml 2 export possibility:
Keepass is open source, free, a standard, and also supports attachments.
I think this would make a lot of people reassure to have a fallback, just in case.

I presume since the importing module is already working, the keepass xml is an open standard, the export module should be reasonably easy to do.

Agreed: 2fa is then not backed up, but the most will be usable without to much effort.
But these could be text notes in keepass, so the key is at least available to use in a another app like authy.

I love the features of bitwarden. But as long as there is no external backup that is uasable, I am not moving my account data.

Keep up the good work, I hope soon to join!

1 Like

@kheno You may also want to be aware of, and vote for Export cards and identities

If you went with this method, attachments could easily be encrypted with the rest of your data.

See Feature Request: Encrypted export

@kspearrin

1 Like

Why not just make the export file a zip file that includes the CSV in the root and attachments in folders that can identify which item it belongs to?

Directory names should preferably be the name of the item and folders but it can collide with unusable file path characters but it’s not hard to get over it.

Current export is more or less useless as it’s only exporting the text data and in case of a complete loss of a self hosted Bitwarden instance, restoration will be incomplete.

6 Likes

I’d also suggest to include attachments base64 encoded into the exported JSON file. This way at least the JSON file contains all the data of the user account. For most users the JSON file is a proprietary file format anyway, so it doesn’t really matter if it is usable anyway.

The exported base64 files should be imported as well if a user imports the JSON file again obviously.

2 Likes

I was shocked after exporting my vault for the first time today because i thought i was going to have a backup of my vault.

Exporting the attachments together with the JSON file can be very easy.

All logins already have their own id in the JSON file (“id”: “01234-56789”,) so you can create an Attachment directory and put all attachments in the directory with a name like

“id-orignalattachmentfilename.extension”

E.g. “01234-56789-attachment.txt”.

Zip the directory+JSON file for download and we can make backups ourself.

Next step would be importing that zip file the other way around and somehow encrypt the backup but that’s for later. I think so many users first would like to have a possibility to make a consistent backup.

@kspearrin, Kyle can you please let us know whether this is doable and on the roadmap (short term)?
Thanks a lot!

5 Likes

+1 from me, i you dont want to export them together with the json file, then just provide a conplete backup and restore solution.

4 Likes

This is also something that I would really like to have.

I think that a single ZIP file with a JSON file + directory structure of the JSON ID that @Marvin_S suggested would be perfect. I also wouldn’t mind the BASE64 encoded single JSON file option either, but it’s somewhat less accessible for the attachments than the ZIP with directory structure option.

Restrict this to admins only being allowed to backup organisations, but users still having permissions for their own vaults.

Optional encryption would certainly be an added bonus.

1 Like

Yes, this is huge for those of us who use attachments. I think what makes sense is the following method:

  • Assign each attachment a UUID, export it to an attachments directory with just the UUID filename. This gets around any issues of filenames being invalid for different filesystems. If you wanted it to be friendlier you could use the ID of the item and append an index and keep the extension. [item-id]-[attachment-index].[attachment-extension]
  • In each item object have an “attachments” key which is a dictionary of UUID:OriginalFilename.

Example:

{
  "id": "00000000-0000-0000-0000-000000000000",
  "organizationId": null,
  "folderId": "11111111-1111-1111-1111-11111111111",
  "type": 1,
  "name": "Some Thing",
  "notes": null,
  "favorite": false,
  "login": {
    "uris": [
      {
        "match": null,
        "uri": "https://www.bitwarden.com"
      }
    ],
    "username": "[email protected]",
    "password": "MyPassword",
    "totp": null,
	"attachments": {
		"22222222-2222-2222-2222-22222222222": "my_ssh_key.pub",
		"33333333-3333-3333-3333-33333333333": "my_ssh_key.id_rsa",
	}
  },
  "collectionIds": null
}

I think most of us can figure out how to encrypt the export and zip it up, but exporting the attachments is the real challenge.

1 Like

I’ve temporarily worked around this issue with a few commands.

The Output

Produce a GPG-encrypted export.tar.gz.gpg with the following structure:

.
└── export
    ├── attachments
    │   ├── 14dad131-1564-43ad-9b69-8b57d64a7749
    │   │   ├── 2FA.png
    │   │   └── Backup Verification Codes.txt
    │   ├── 672da1cf-fb5e-452a-87a5-759572b452d5
    │   │   ├── privkey.asc
    │   │   ├── pubkey.asc
    │   │   └── revoke.asc
    │   └── fa0459d1-0664-4f4b-9163-bdd3894670a9
    │       └── scanned.jpg
    └── bitwarden.json

Instructions

Detailed instructions are in the GitHub repository: https://github.com/ckabalan/bitwarden-attachment-exporter

The repo is just a README.md explaining the process and commands, but I created a repo incase anyone has any suggestions, issues, or would like to submit a pull request.

Summary:

> bw export --output ./export/bitwarden.json --format json
> bash <(bw list items | jq -r '.[] | select(.attachments != null) | . as $parent | .attachments[] | "bw get attachment \(.id) --itemid \($parent.id) --output \"./export/attachments/\($parent.id)/\(.fileName)\""')
> tar czvf export.tar.gz export
> rm -rf export/
> gpg --symmetric --cipher-algo AES256 export.tar.gz
> rm export.tar.gz

Reddit Thread

2 Likes

Currently Bitwarden export is only exporting usernames, passwords, TOTPs, folders and so on
but if you have attached a file to an entry it will not be exported while it would be essentials (e.g. PGP key).

1 Like

Duplicate of, please vote there for increased attention of the developers:

2 Likes

@MetBril Okay - done!

I can’t believe this is not yet implemented.

At least there should be a warning attachments are not exported until then.

4 Likes

Yep. there should be a warning.
What if a user purge their vault without checking the exported file. It will be a nightmare.

6 Likes

@kspearrin Any update on this? I’m a new Bitwarden Premium user and spent today uploading all of my important documents to my vault, and was absolutely shocked and devastated to read that they wouldn’t be included in my backup exports. This means, for me at least, Bitwarden sadly isn’t a viable place for secure file storage, since if something happens to my account all of my important files are gone! This is especially frustrating since I purchased Premium predominately for the secure attachment storage!

1Password allow attachments to be exported as part of a whole vault export, and in a range of formats too. Even a proprietary format for exporting the whole Bitwarden vault would be better than nothing at all!

6 Likes

Agree completely.
Bitwarden is great and 1GB storage is quite generous compared with the other password managers.
However, we now live in an age where cloud security is a growing concern.
So yes please - could we have on the shopping list:

  1. Ability to upload/download multiple files for attachment.
  2. A mechanism to easily export attachments.

Thanks for your consideration.

2 Likes