✅ Encrypted export

@jawz101 it would only be useful for backup purposes or long time transfer of course.

Having a bit more of a look-around, it seems that at least there is an active bounty on popular archivers…most are unclaimed by the looks of it.

+1 for KDBX export.

I want encrypted backup too.

But i want to include in my scripted backup routine without human intervention and without specifying password on command line.

And encrypted backup of organisations obviously needed too.

How soon can we have this essential feature please?

I’m wary of any solution which involves downloading a clear-text vault backup and then encrypting it again. It seems like there’s a non-trivial probability of clear-text data being left around by mistake (for example if the backup process fails / crashes by accident). I would much rather have an end-to-end encrypted backup operation available.

For me, the exact format isn’t very important, as long as it’s not completely proprietary (i.e. someone skilled should be able to implement decoding for that format in a reasonable time if necessary) and can be ingested back into Bitwarden.

I think that this would be the best way to make secure backups. I will love if it could export directly in an encrypted common archive like 7zip. The user would be able to easily recover it even if it cannot use Bitwarden at the moment. I agree that it would be better not to write any unencrypted data to disk in the process.

CLI export Organization facility in meantime please.

Encrypted export is obviously proving to be difficult or not deemed a priority so I have 2 choices - abandon thoughts of moving to Bitwarden or write something to bridge the gap.

For the latter I need the CLI to be able to export Organizations. Would that be something Bitwarden could provide quickly please?

I would prefer an encrypted .json file. JSON has all information. To created it encrypted, it could be done like Standard Notes does the encrypted backup.

Encrypted export/import should be trivial to add. Even a simple proprietary encrypted format would be OK, so long as it can be export and re-imported into the Bitwarden app. The app could just encrypt/decrypt the existing JSON export/import format to/from a binary blob. This is a key feature, the lack of which is unfortunately a good reason NOT to use Bitwarden - in case Bitwarden’s cloud-hosted vault gets lost/corrupted and syncs lost/corrupted data to its apps.

I mostly agree. With some TLC you can safely backup the .json file to an encrypted container. I use an encrypted disk image on my Mac, but you could also use Cryptomator, for example. But it is a workaround and a pain in the b***.

I also very much would like to have encrypted export. However, saying lack of this is a good reason for not using bitwarden is a stretch. You can export your vault your own computer, and then encrypt the file or the disk, etc.

Sure, you can certainly export and encrypt but you then have confidential info in 2 systems, unencrypted fragments, etc. I want my less techie family to use it and secondary encryption is not feasible. But what kind of gives me pause is a lot of people (at a glance it seems once of the leading feature requests but I may be mistaken) asking for a feature that is trivial and obvious to add (I have tons of crypto dev experience). Why don’t the Bitwarden devs add this? Would love to hear an argument from them? In my mind it would complete an otherwise excellent seeming product (for my use case).

It does seem odd that this would not yet be an added feature, if it really is relatively “trivial” to add. Obviously its never that easy, requiring testing and bugs to be worked out, as always. I’d feel much better about having a direct encrypted export to backup the database locally - and not have to do an encrypted disk image or other workaround, all of which begin with an unencrypted export sitting on your machine.

+1
In total agreement !

+1 Is there any reason given by Bitwarden devs why they won’t add a simple encrypted “backup” option?

Personally, I think that it should be the resonsibility of the user to encrypt it after downloading. If Kyle supports password protected .zip files, people will ask for password protected .rar files… will be endless work, no?

(time which could be used for (more) important features like “Who is currently logged in to my account?” and other suggestions)

Why not just have BW do an encrypted backup as a .json or whatever 8-Bit thinks is best to implement.

A secured file backup towards which you can point BitWarden and say “here’s my new database” in case the old one gets wiped.

Clearly this must be more difficult to implement, or I would think BitWarden would already have this feature.

Seems to be a solid backup feature that would benefit many BW Users.

Question is what people want here.

A backup (some encrypted file in a special format which could be imported anytime back to Bitwarden) or a real export (to be able to move data to another provider)?

A real export is already possible.

My vote is for the peace of mind of an easily exportable, encrypted BW file that I can date-stamp in the file name, and have as a backup to the current database.

It would require the same password that was used to encrypt the database at that time.

How about just .kdbx files which are compatible with basic keepass software?