I want (so much) an encrypted backup that can be generated without user intervention (command line option) that includes organisations and can be imported back in to bitwarden in the event of human or system error. If i ever wanted to move to another password utility then i would use the existing interactive export facility.
It seems like as long as there’s an encrypted file format that’s cross-platform (Mac/PC) then everyone could be satisfied with a backup that can restore a corrupted database.
Could you elaborate on this and how one can implement for a backup? How does one find the right json file that’s on your machine (after its been synced) ?
The current export to json should be replaced by an export in json where the content is encrypted by your master password. That json file can be saved anywhere. Even in less secure locations.
Encrypting the backup could be optional.
When importing, you just point to the file. Bitwarden will ask for your master password to decrypt the file.
The code to encrypt can be borrowed from standard notes, or Joplin app, which does something similar.
Another simple option I use is to open a “virtual drive” (VeraCrypt, e.g.). Export directly into the virtual drive. Then close the drive and its as secure as you will ever need. Its very easy to copy the 50-150 meg virtual drive to numerous USB’s so even those are backed up in case a hard drive craps out.
I understand what you are saying. In the meantime at least I am secure and my solution (for me anyway) is completely portable among all my machines. The way BW inter-device syncs via the Microsoft Azure cloud makes portability mostly moot. A USB stick (multiple ones of course) means I will never lose access to my vault data, AND no other human being will have access to my encrypted file. Virtual drives are easier and smarter than something like a 7zip, IMO. Simple and safe.
Is there any update/news on this? Ideally I’d love to be able to export my vault encrypted, as it is, with my BW PW?
That way, I can use the CLI to automate backing up my vault to my storage device that is 3-2-1 backed up.
The vault is already encrypted with my BW PW. If I can just export it as a file, in whatever format, then I can make backups of it. When/if I need to, I can import it into any BW instance and decrypt it with my BW PW.
I know I can already export the unencrypted file using CLI and then encrypt but this is not practical for an automated backup solution.
@Franky_FFV it’s on the docket for this calendar year. A few other items coming before it, next up being our “soft delete” aka “Trash Can” feature, as well as auto-logout/2FA vault access.
Configurable KDF rounds for an encrpyted export would also be nice. If it’s used as a backup, taking a while is not an issue. Cranking away stretching the key for a few minutes would be fine for me.
I don’t know if it’s planned too (?), but if possible I would like to be able to do the encrypted export from the iOS app, not only from the web vault.
Anyway, hope this feature will come soon. Thanks to the team for their work.
CSV already supports column/row delimiters in the data.
eg
raw text: hello,world
csv: “hello,world”, anotherfield
raw text: they said “hi”
csv: “they said ““hi”””, anotherfield
If the import or export system does not properly escape like this, then they’re not truly “csv”, but some random implementation of comma delimited data.
So it is one the road map to maybe arrive in another 18 months or so, at least that is something.
I think that this feature, which is trivial to implement looking at the code, is a business problem for bitwarden because it comes awfully close to keepass style where you just “sync” by saving to your own cloud drive/storage and never need bitwarden servers ever again for anything, nor would you have to self host. It renders server side obsolete.