Currently we can export the vault to a file on the CLI, but there doesn’t seem to be a way to export the vault to the standard output. This would allow us to easily redirect it to an encryption program, like jq, gz or GPG, and would be more in line with the UNIX philosophy.
This bummed me out, too. I figured I’d be able to use something like:
bw export --output - | gpg [...]
I was surprised
bw doesn’t support using a
- for the output filename to use
Requiring my password export to touch the disk in a decrypted state is going to complicate my backup process!
I found this Feature Request while searching for how to do this, and thought I’d post my solution here since it took me a while to find.
tl;dr; It is possible. You want to do:
bw --raw export | gpg
The output of
bw export --help mentions that if “raw output” is specified then result is written to stdout, but that isn’t mentioned in the help doc at The Bitwarden command-line tool (CLI) | Bitwarden Help & Support , so you have to guess that it’s possible and download the cli tool to find out.
The help text output also doesn’t mention what “raw output” actually means. Initially I parsed that to mean “raw output format” and tried
--format raw. After reading the source in GitHub and finding that outputting to stdout was controlled by a
BW_RAW flag then searching for that and finding mention of
option:raw, I figured out that it must be a top level option and found
--raw mentioned in
bw --help as “Return raw output instead of a descriptive message”.
In summary, it works fine but the documentation needs some polishing. It’s all in Github, I’ll make some PRs.