Bitwarden hosted vault - Data protection

I’m curious to know about the underlying technology used to host Bitwarden vaults, as there isn’t much available on the website and I deem it a critical aspect of a password manager like Bitwarden.

Yes, I know that it’s hosted by Microsoft in their Azure Cloud, but that doesn’t really tell me anything about how the vault is stored and which techniques are utilized to protect it from damage such as bit rot or drive failures.

Are any of these details available?

  • Filesystem utilized
  • Redundancy (Like RAIDZ 1, 2 and 3 or mirrors)
  • Number of Backups kept
  • Is Bitrot protection offered (detection of faulty bits and auto healing)

Thank you for your time!

1 Like

@wishy-washy Welcome to the forum!

Most of the details about protection of the vault data are explained in the Security Whitepaper. Backups are in the form of transactional logs that are maintained for 7 days only.

All details about hardware and filesystems would have to be addressed to Microsoft.

@grb Thank you for replying.
I was hoping that a member of this community might know something.
At the very least I expect that someone at Bitwarden must have some idea of the level of data protection that is offered by Microsoft; otherwise they’re just blindly trusting Microsoft.

I would try and look up the details at Microsoft if I could, but I don’t even know which storage service they’re renting.
Microsoft offers at least a handful of services which plausibly could be used for hosting vaults.

Bitwarden’s storage help page has a big clue: “reverse-processing transactional logs to make the database consistent with a selected point-in-time (see Microsoft’s documentation).” In other words, they are using Azure’s SQL database-as-a-service. They are not using a “storage service”.

That said, I think you are focusing on the wrong question. Supplier (Bitwarden/Microsoft) backups protect their interests (being sued). You need to protect your interests (losing access, regardless of who may be at fault). Back up your own vault occasionally, keeping copies in at least two locations, and test the backups every once in a while (KeePassXC is good for this).

2 Likes

Thanks, your reply is really helpful.
Yes, as you say, it does indeed appear that an SQL database is used as vault storage.
It also seems safe to assume that the vaults kept at Microsoft are stored with three times redundancy or more and that some form of integrity check is performed on databases hosted on the platform.

Of course, keeping one’s own backup is always a good idea.
Unfortunately, Bitwarden is a bit lacking in this regard, as password history isn’t exported, nor are attachments.
Besides, the lack of an auto-export feature also makes keeping regular backups unnecessarily difficult.

But then again, I wouldn’t expect the average person to ever back up their vault, and that’s why I’d expect the utmost care to be taken to ensure a high level of storage redundancy and that backups be taken and kept at multiple locations, etc.

Password history is exported if choosing .json formats.

Perhaps it comes as little surprise that the average person can be quite foolish.

I stand corrected.

Indeed, unfortunately I don’t think that we can expect much more from the average Joe.
This is why I’ve been trying to find out what kind of data protection is offered by Bitwarden, so that I may, with good conscience, recommend it to my not-so-computer-savvy friends, for whom exporting the vault is unfathomable.

Perhaps you can show them that they can have an encrypted backup with just 8 clicks:

  1. Settings
  2. Vault
  3. Export Data
  4. Format: .json (Encrypted)
  5. Type: Password Protected
  6. Generate file password (🔄 button)
  7. Copy (or view) file password — save this info to allow future access to the backup.
  8. Submit

Enter master password when prompted, and voilà.

It appears that Bitwarden is unwilling to meet your expectation. Bitwarden explicitly states:

Beyond the above disclaimer, if the prototypical average person forgets the master password, Bitwarden cannot recover it for them. It is technically impossible.

If they forget their MFA, Bitwarden will only remove the MFA if they can supply the recovery key. Without the recovery key, the vault will be lost.

If they clean up their vault “too much” and don’t notice right away, no amount of begging will help because Bitwarden’s backups will have aged out.

My suggestion is that you help your friends “Get Started on the Right Foot in Bitwarden™”.

I always have doubts when I read this.

I guess a clarification of what counts as a disaster recovery would be nice. I don’t recall having read it anywhere.

This is a case of “I know it when I see it”.

As an industry, IT has pretty much settled on it being a “catastrophic event” with wide impact. Unfortunately, the more specific one tries to get, the more one needs to enumerate all possible failure modes, which is why one will never get a black/white answer.

1 Like

My impression is that it is just a disclaimer so that Bitwarden does not have to go through a recovery process for every user who has locked themselves out (e.g., by changing the master password and forgetting the new one), or who has otherwise corrupted or deleted vault data through user error.

On the other hand, I have seen instances of Bitwarden restoring accounts when vault or account authentication data have been corrupted due to a bug or technical glitch on Bitwarden’s side (e.g., when some users’ accounts became corrupted after changing KDF settings), so the word “disaster” appears to be very loosely interpreted. Being vague about the definition allows Bitwarden to deny gratuitous recovery requests.

1 Like

This is also what I thought.

I consider a disaster recovery scenario as something like what @DenBesten describes: “a catastrophic event”.

I recall having read something like that recently. As I understand it, this is not a disaster recovery scenario.

Anyway, thank you both!

I agree, but it is better for Bitwarden to set a high bar (and lower the bar on a case-by-case basis, at their discretion) than to set a low bar (and not be able to deliver when a customer demands recovery for their account).

1 Like

I can see being more accommodating in scenarios like these. Who knows if it is the tip of an iceberg.

1 Like

It would be for Bitwarden itself, if its actions ‘disastrously’ impacted its clients. Thus, they would or ought to be prepared for consequences of their own actions.

An inevitably loose but reasonable definition would be:

  • an event which halts ordinary business (personal) operations such that it is a threat to viability, and
  • is not recoverable by any version of switching it off and on again, but
  • requires some form of earlier preparation, then significant resources or activity to recover.

The often-mentioned emergency sheet is a prime example of preparation. Coincidentally, I recently tested the full recovery chain to a different (.kdbx) application on the assumption the Bitwarden app had failed in some fashion.

I think data protection is essential yet take it for granted in terms of host security, then have a full recovery strategy. I know many people do not protect themselves; we see the plaintive results here. I prefer the security edge in the fact that Bitwarden cannot recover for the user.

Well now, I think you’re reading just a bit too much into my post.
I expect Bitwarden to store the vaults reliably, and I believe this requires redundant storage and some type of integrity checking.
This appears to be provided by Microsoft.

On the contrary, I would even go so far as to say that it would be a security risk if users were granted unconditional vault restores, if it weren’t for the fact that they only hold 7 days of backups, which mostly mitigates this risk.
Otherwise an attacker may be able to restore a vault to a previous state far back in time and use a leaked password to gain access (the password would be changed on the current version of the vault).
This is of course a risk if Bitwarden were to keep backups for an extended period, especially if they were to hand them out willy-nilly.
Even so, I’m not sure if 7 days is long enough to ensure that the vault can be restored in case of some kind of corruption caused by a bad update, etc.

What I don’t expect Bitwarden to do is to nanny its users and restore vaults from backup if they were to forget their newly changed password or similar.

Obviously (as @grb was talking about), I would expect Bitwarden to help out if there’s a bug which somehow corrupts user vaults or similar.

1 Like