Database Backup

Agreed, I have just moved over from DashLane and used that feature alot, weekly encrypted backups.

1 Like

I saved a copy in an encrypted Keepass file, even though I don’t use Keepass. Bit clunky, and being able to save a copy of the encrypted database would be nice.

3 Likes

I recall this discussion somewhere else at one point (Github?) but haven’t seen any updates.

It does seem useful to archive an encrypted copy, with its encryption or recovery key being the only things that could open it.

On previous password managers you could either export an encrypted copy, or find a local directory where it lives and simply make a compressed zip file copy from it. Plop a data on the file name and done.

I would very much like this too please.

I am used to including my KeePass vault in my daily laptop cloud backup. No user interaction needed.

Also need this for Organisations.

And of course a way to restore the encrypted backup if the Bitwarden cloud vault becomes corrupt.

1 Like

This is a critical feature for me as well.

2 Likes

Seems the going method is to export CSV and encrypt that (AES-256 inside a Disk Utility .dmg disk image or similar).

But then you’ve had an unencrypted version on your machine momentarily which I’m not keen of. It’s unfortunate there’s no backup feature that makes an encrypted file that can only be decrypted with that same password as the original.

1 Like

Unfortunately that’s a crappy workaround. :frowning_face:

1 Like

I never appreciated how difficult it must be to design software that can export an encrypted copy of the database, which uses the same passphrase to decrypt it. That’s how both my previous PW Manager Apps did it (Splash ID & mSecure). I’m fairly certain Enpass and others are similar.

Curious to know what prevents Bitwarden from doing the same.

I looked into doing this KeePass backup method. Still a disadvantage of an unencrypted database on your machine, even momentarily.

And of course having to match fields of the export / import (and restore export / import).

Attachments not included (lesser issue for me, basic backup of database is most important).

If there was a way to download the encrypted database to your machine, that seems best. As long as it was built to restore this way, to have this older / backup database replace a corrupted / locked database - should that ever occur.

I’m hoping my current method of exporting .json / .csv and storing inside an encrypted disk image .dmg (AES-256) doesn’t have any loopholes.

-Mark
“It’s not data until it’s backed up” :slightly_smiling_face:

1 Like

+1 Lack of a real backup is probably the most obvious missing feature to achieve parity with the other major password managers.

3 Likes

+1
It’s very important!

1 Like

+1 I am giving up KeePass due to ongoing corruption when using cloud drives to share file. At least it had a backup for when things go wrong. Counting on this not ever getting corrupted, but what if???

1 Like

Yep this is a very useful feature. It is similar to the Encrypted export feature.

It can be merged

1 Like

Seems pretty similar to Encrypted export, which is already on the roadmap and should be developed soon.

2 Likes

Encrypted database backup (as opposed to unencrypted CSV / JSON) is definitely the essential thing with this request. But I imagine a database backup could also include additional information not presently included in the CSV (password history, URI matching settings, etc. Possibly even attachments - more on this below) adding even more value, and less adjustment, if you ever were to re-import from the backup.

It would be nice to have the option to include (or not) attachments with the database export as well. Since the CSV doesn’t include attachments. Not knowing how attachments are stored (or how difficult it’d be to include/exclude), I’d say that’d be low priority, but nice to have the option.

Also nice to have, but perhaps not necessary, the option to encrypt it with a different/unique password from the master password.

1 Like

Backups are essential and thus they should be automatic and a core feature.

1 Like

I agree, and would like to be able to download them to store offline, like cold storage.

1 Like

Love the newish encrypted JSON export.
Thanks Bitwarden.

3 Likes

Automatic encrypted backup would be nice for everyone worried about Bitwarden suddenly disappearing with everything. Personally, I want to use it so I can use some less private cloud backup like Google Drive. (also see Changing the database location for use with dropbox, etc)

2 Likes

Problem

I think this would only be possible if this is done on the desktop or mobile version. I don’t know if it would be possible to do this in the web version. I think this topic makes perfect sense, that is, this feature would work on the web and mobile.

initial considerations

  1. About that, I think it would be really nice to have a local copy as the Keepass file type. As long as this copy is encrypted and follows the standard keepass file format for that.
  2. But another perspective of thinking for an efficient backup solution that we should have, is this: even with this copy, wouldn’t it be better to use a database like sqlite?

important points to think and reflect

  1. Why have a sqlite copy instead of the Keepass file format? What is the advantage of this?
  • One of the advantages of sqlite for the keepass format is that it is a database that is used a lot for offline stuff and it is very performant.
  1. Are you saying it wouldn’t be nice to have a backup in keepsass format?
  • I’m saying it would be nice to have a backup in sqlite. From that point on, we can control different keepsass file versions for backup as well. Another interesting point, internally sqlite supports cryptography and is a relational database. This allows us to have a better query in the database if these same data are encrypted data.

Final or initial solution to this problem considering all views and opinions

  1. Backup must be done with sqlite
  2. The backup must be version controlled
  3. Data must be encrypted if it is decided whether the backup will be in keepsass file format or even as sqlite
  4. Backups are essential and thus they should be automatic and a core feature.

Features that may be optional

  1. There should be more backup support such as network(webdav, sftp), local(sqlite, keepass file) or cloud(google drive, dropbox, spideroak, tresorit …) or temporary(after a while, we delete or update the backup)
  2. Backup must be scheduled
  3. We must control different backup versions

results achieved with the solution

  1. If I need to open the data in keepass, I can. After all, you have a copy for that.
  2. If I need a complete copy of the data, I can. After all, I have a full in sqlite copy for this.

Notes

  1. I think this would be feasible if you have an encrypted file copy like the keepass file, like @henryg mentioned.
  2. I could be wrong, just think the way you think is best, it’s just a suggestion, and I’m open to any point of view or criticism
  3. My goal is not to criticize anyone or even think that my opinion is better than yours
  4. My goal is to present a point of view for a possible solution with the opinion of all of you to make it possible.
  5. links that are linked in this post, I am not receiving anything in return, I have not received any money, I certainly receive nothing. I’m just showing you some information I read.

my idea

image

illustrative image description

The mobile device or computer synchronizes the local data stored in the sqlite database on the bitwarden server with the api. In both cases, both the cell phone and the desktop receive, send and synchronize the data.

references

2 Likes