Duplicate removal tool/report (including merge)

Let me explain myself: we have many customers where we store as little as possible of passwords by ourselves but for some services we manage we need something like a main password. In case one of our coworkers leaves we would like to reset all the passwords just in case (we have this automated), we can output this to a file which we can import in Bitwarden… yet there comes the problem: we get duplicates…

Thanks for the feedback that updating a password periodically is not recommended.

And no, our coworkers don’t leave that often lol, but just in case. The word ‘frequently’ was perhaps a bit exaggerated, yet I think Bitwarden should really step up and start making work of this feature request.

Why not bulk delete the client passwords from your vault before importing the updated passwords? Would be relatively straightforward, especially if you have a folder for this purpose (or a custom field as a tag).

Because besides the passwords there is also bit more information like a TOTP and some notes… would be a shame to lose those…

I proposed at work to export our passwords, and make a tool that combines everything… Again a bit of extra work that should not be needed if Bitwarden has this feature in the first place.

But how are you retaining those now? If you import a file that has the updated passwords but does not have the TOTP and notes, how are these pieces of information getting combined in your current workflow?

I understand better now that you are looking for a merge function, not a “duplicate removal tool/report” per se.

Even a merge tool may not be as helpful as you think, because all merge conflicts will have to be resolved manually. In your case, for example, if the tool were implemented, it is likely that you would be presented with a list of all “duplicate” client credentials, and then be asked to manually indicate for each item, which if the two passwords should be kept.

Now we retain it by hand which is a waste of time.

You are right we are seeking for a merge function in the best possibile situation.

I would prefer to see each item bitwarden item have a guid, that we can retreive when we export it from bitwarden. Then in another tool we can link each customer to the specific guid. Then create the import file that only overwrites the password field. That would be optimal for us.

Each item does have a unique itemId (which you can even deep-link, in the format https://vault.bitwarden.com/#/vault?itemId=yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy). If you export in .json format, the item ID is included in the export. You should be able to script a tool to do what you want using the Bitwarden CLI and jq. If your vault items have unique names, you could also do a more low-tech workflow involving a .csv export.

So if I understand you right is if I export a folder of bitwarden to json, there is a uid, I can in a different tool manage that and replace the old password with the new one. Then create a json out of that and import it again, and it all keeps the same uid?

No, if you import a .json that contains an existing Item ID, then it will not replace the existing item — it will create a new item with a new Item ID.

In my previous response, I was alluding to using the CLI command bw edit to modify an existing item in situ.

Can’t believe this isn’t an existing feature. The idea that the only solutions involve exporting your vault into plaintext and running it through a third-party piece of software blows my mind. It’s stripping away every layer of security and opening yourself up to having your vault abused.

Furthermore, this isn’t a user-friendly process for non-technical users—and can you really say that someone who has exported their vault to plaintext is going to securely delete it when done in all certainty?

Why this feature not exist? Don’t understand…

agreed, simply clever :+1:

I just imported a bunch of passwords from chrome and I realize there are a lot of duplicates. Is it possible to have a filter to show duplicate items if the have the same website, similar names, or even the same password or username. This filter would help with my 1,000+ passwords that have some duplicates mixed in.

Thanks

@JacobH Welcome to the forum!

I merged your post into an existing feature request on the same topic. It may be a good idea to review the discussion above for work-around ideas. In addition, several work-around solutions have been posted in this recent Ask the Community thread:

 

Also:

There already is a Reused Passwords Report (Premium subscription required).

This is such an simple script/feature to implement and offer.This is why I can’t use Bitwarden as my primary password manager, rather, only as a backup.

1 Like

How often do you create new duplicates? :thinking:

1 Like

I’m not sure I understand the connection to your question. It seems like you might not be using Google Chrome’s password manager, which has limitations with the ‘Note’ feature that I find really useful.

For me, Bitwarden is primarily a backup to Chrome’s password manager.Nothing more.

1 Like

So here you stated that the missing “duplicate removal tool or reports (including merge)” (title of this feature request) is the reason you can’t use Bitwarden as your primary password manager.

The connection for me is: I have nothing against this feature request. In fact I think it would be very useful. But for me, I guess, I would mainly use it once: when I would set up my database here in Bitwarden, probably merging from various sources if I had no central password storage before. There I can absolutely see the value of a duplicate removal or merging tool.

But as I don’t frequently import other login data into my now existing vault, I don’t have the problem of duplicates any longer… I always use Bitwarden for logins (apart from some passkeys on devices) and don’t create new duplicates - because why would I create another entry (vault item) for an account/service, when I already have an entry for that in Bitwarden?

That’s why I thought that you must have constantly new duplicates, so that you would need a duplicate report/removal/merging constantly, hindering you to make the change to Bitwarden as your primary password manager.

So I wondered, how often you create new duplicates (and the circumstances leading to that)…

1 Like

I would consider duplicates to include duplicate accounts, those that can safely be merged, and duplicate passwords where the websites or usernames are different and, therefore, need to be flagged as potentially insecure so this issue can be rectified either by changing passwords for one of them or specifying them as equivalent domains so they can be treated as a single entry.

Nope. Entries for the same URL with different username and passwords need to be maintained as separate entries for testing if nothing else.

I was shocked when I started uploading exported password lists to this password mamanger that so many many people recommend and then BAM! I’ve got many duplicate entries?! I have to first import all of my passowrd lists into excel and manually dedupe them?! HOw is this not a very basic feature that was implemented years ago?! I am shocked!

The primary reason that I was finally going to take the time to move to a password manager is because I use multple browser and multiple devices and sometimes I go to open a site and that browser has an out of date password.

Isn’t this kind of consolidation everyone’s first step?!

I’m disappointed that Chrome doesn’t show the date that a passwoerd was created/changed, so I don’t know which password is current without trying it.

I will look for a different password manager.

1 Like