Deleted password shows up in vault export

xyzzy · July 9, 2020, 10:53pm

I did a vault export and found that the export had 1 more login password than my bitwarden vault. Checking this the additional password is one which I deleted some time ago (and purged from the bin). I checked the browser extension and the vault and the old password is not there. Is there some way to ensure old passwords are deleted never to be seen again?

genel · July 30, 2020, 4:42pm

I have the same problem; except, it is several deleted records that are in the export.

DenalB · August 5, 2020, 12:53pm

Seems to be a bug that should be fixed. Isn’t it @tgreer?

tgreer · August 5, 2020, 1:18pm

We’re trying to determine the best way to handle this, since the items in the ‘trash’ aren’t technically deleted yet, and if we don’t export them, someone using the ‘trash’ as an archive may be disappointed on export.

DenalB · August 5, 2020, 1:48pm

But for me it sounds like the trash is already deleted…

And so if I delete an item into the trash and afterwards I delete the trash then this shouldn’t be an archive anymore and an export shouldn’t show formerly deleted items. Right?

xyzzy · August 5, 2020, 3:09pm

If an item was still in the trash and if showed up in the export, I would understand that, but in my case it was an item which had been purged from the trash some days earlier. In this case it should not appear.

vachan · August 5, 2020, 4:03pm

Why not provide a checkbox like “Include items from trash ”

tgreer · August 6, 2020, 1:13pm

@xyzzy which client is it? I’ve tested and only items in the ‘trash’ are exported, not purged items.

xyzzy · August 6, 2020, 3:16pm

The password in question I think was deleted with version 1.45.0 of the firefox extension running on windows 7. I am not sure which version of firefox I had then as it has gone through at least one update, but would have been current at the time. I used the web based vault to export from the same computer (so firefox running on windows 7).

cscharf · December 9, 2020, 8:00pm

–Items in the trash are no longer exported from your vault when performing exports.–

recanted, sorry for misspeaking, this is still on our product backlog and something we’ll address in the future.

eljejer · December 18, 2020, 2:53pm

@tgreer
Hmm, first of all: I’m loving bitwarden.
I’m in the process of changing 3 old email addresses on various platforms into 2 new ones.
And while doing so, change all the passwords.
But now I have about 300 items in the trash that appear in the export.
The version of the browser extension is 1.47.1 dec. 8th
I must now delete all the items in the trash one by one?
Not so nice…

tgreer · December 18, 2020, 2:54pm

You should be able to delete everything in the trash from the web vault.

eljejer · December 18, 2020, 3:39pm

Okay, great!
So contrary to what @cscharf states, the trash items are still in the export then?

cscharf · December 18, 2020, 4:07pm

, well thought this was good, just double-checked after your post and see that yes, items from the trash are still exporting. So I had mis-poke earlier, my apologies. We are now excluding deleted items in the trash from reports, duplicate password/reuse and exposure reports/tools, etc. However we have an item on our backlog still to address the export of items in the trash itself.

Carto · December 19, 2020, 10:18am

I had just clean the bin, but many (cca 30) of deleted items or changed passwords are still present in export. Changed passwords appear in old form!

Ben86 · December 20, 2020, 6:42pm

I could see excluding deleted passwords from the CSV export, but the json export, which is a serialization of the vault, should include the entire vault, including soft-deleted items. /2cents