✅ Encrypted export

The current export to json should be replaced by an export in json where the content is encrypted by your master password. That json file can be saved anywhere. Even in less secure locations.

Encrypting the backup could be optional.

When importing, you just point to the file. Bitwarden will ask for your master password to decrypt the file.

The code to encrypt can be borrowed from standard notes, or Joplin app, which does something similar.

3 Likes

Another simple option I use is to open a “virtual drive” (VeraCrypt, e.g.). Export directly into the virtual drive. Then close the drive and its as secure as you will ever need. Its very easy to copy the 50-150 meg virtual drive to numerous USB’s so even those are backed up in case a hard drive craps out.

1 Like

I agree but that would require additional technology that also isn’t available on all platforms. For example iOS devices or locked down business PCs.

All that is required for a native solution is access to a web vault.

2 Likes

I understand what you are saying. In the meantime at least I am secure and my solution (for me anyway) is completely portable among all my machines. The way BW inter-device syncs via the Microsoft Azure cloud makes portability mostly moot. A USB stick (multiple ones of course) means I will never lose access to my vault data, AND no other human being will have access to my encrypted file. Virtual drives are easier and smarter than something like a 7zip, IMO. Simple and safe.

1 Like

Is there any update/news on this? Ideally I’d love to be able to export my vault encrypted, as it is, with my BW PW?

That way, I can use the CLI to automate backing up my vault to my storage device that is 3-2-1 backed up.

The vault is already encrypted with my BW PW. If I can just export it as a file, in whatever format, then I can make backups of it. When/if I need to, I can import it into any BW instance and decrypt it with my BW PW.

I know I can already export the unencrypted file using CLI and then encrypt but this is not practical for an automated backup solution.

1 Like

It’s in the planning stage right now, definitely on the radar!

8 Likes

Any info? I think that it is a very important feature.

Thanks for this fantastic team.

1 Like

@Franky_FFV it’s on the docket for this calendar year. A few other items coming before it, next up being our “soft delete” aka “Trash Can” feature, as well as auto-logout/2FA vault access.

8 Likes

Configurable KDF rounds for an encrpyted export would also be nice. If it’s used as a backup, taking a while is not an issue. Cranking away stretching the key for a few minutes would be fine for me.

1 Like

I don’t know if it’s planned too (?), but if possible I would like to be able to do the encrypted export from the iOS app, not only from the web vault.

Anyway, hope this feature will come soon. Thanks to the team for their work.

1 Like

I’m looking forward to this feature!

1 Like

Yeah it would be very helpful if we use devices containing the exported passwords at border crossings.

Encryption can be done by

  • Passwords(not master password)

  • Private Keys

  • Encrypted Archives

  • Formats like kdbx or 1pif

  • Create another format like .bwdb(Bitwarden Database)etc.

Anyway it is a very very useful feature.
Thanks for publishing the roadmap of Encrypted Export.

:+1:
Thanks @tgreer for keeping us updated

1 Like

CSV already supports column/row delimiters in the data.

eg
raw text: hello,world
csv: “hello,world”, anotherfield

raw text: they said “hi”
csv: “they said ““hi”””, anotherfield

If the import or export system does not properly escape like this, then they’re not truly “csv”, but some random implementation of comma delimited data.

1 Like

So it is one the road map to maybe arrive in another 18 months or so, at least that is something.

I think that this feature, which is trivial to implement looking at the code, is a business problem for bitwarden because it comes awfully close to keepass style where you just “sync” by saving to your own cloud drive/storage and never need bitwarden servers ever again for anything, nor would you have to self host. It renders server side obsolete.

1 Like

I have been using keepass with sync to MEGA cloud service, before I switched to Bitwarden.

I can say that, Bitwarden is still much easier and smoother to use; even when compared with such a use case of keepass + cloud service. So, I don’t think implementation of encrypted export feature misalign with the Bitwarden’s own good.

Stop-gap solution:

1 Like

This might be what you are looking for:

1 Like

Sorry. That’s not what I’m looking for. It is a nice workaround though. But my current workaround with exporting to a Cryptomator vault is, too,

I’ll wait for Bitwarden to add a native encrypted backup that by nature is INDEPENDENT from other tools.

@kspearrin Have you thought about implementing a PGP encrypted SELECT database dump over SMTP?

I’m thinking that you dump my already encrypted data, optionally encrypt it again with PGP and send it every week to me over SMTP.

I am well aware that the BitWarden database is on Azure and is backed up boatloads, but considering how majorly fucked my life would be if Bitwarden went poof i don’t even want to think about it. Somehow being able to get a raw dump of my data every now and then would feel very reassuring. I haven’t read sourcecode, but i assume even though the data is encrypted you could still do a couple selects to get my user specific data out of the tables, dump to csv, tgz and ship it off over SMTP.

The option now with bitwarden cli means the data gets decrypted, which means i must store auth somehow… Which means if my machine is compromised someone would definitely get all my passwords to all services in their hands.

1 Like

Are there any update on this?
I would like to have the encrypted export to backup my passwords and store it on my own.