- Backup data to DropBox
- The usual benefits of backups.
Related topics + references
It’d be nice to have both a scheduled and on-demand backup to other cloud services, of out BW data in case of any catastrophic event on our self-hosted vaults. Backup to DropBox, G Drive, etc.
There’s a script already made (that I haven’t tried out due to me using the MySql option for my data rather than the sqlite option, and it only supports the sqlite option) but it would be nice to have it baked right into the vault itself, with the option to run it on a schedule, i.e. do a backup once a week to a dropbox folder, with a max number of x backups. With the option of course to do a manual backup at the press of a button since the backup backbone would already be there.
My impression is that most individuals who self-host do so precisely because they do not trust cloud services, so this is a curious request.
True. In that case since it’s optional they don’t have to use it.
Aside from that though, the data is already encrypted by BW, and the github code also encrypts it again, thought it isn’t really necessary, so as previously mentioned, it’s a ‘failsafe’ in case of catastrophe wherever it’s hosted locally.
It’s a common security recommendation to have backups of your important data in several offsite locations.
Another perspective is; most people feel having data like this hosted by the single site that makes the software is what they’re not so comfortable with, so they host their own. In this case, you still host your own, and send a backup to a completely unrelated site than the software developers’ own cloud/service.
I’d say having a password manager send data to its own cloud via its own software with only the users trust that they are doing the right thing (see LastPass) and a self-hoster saving a backup file they know is properly encrypted to a cloud service are really not that comparable.
At some point consideration should be given about what kind of compromise between best security practices and best backup retention practices works best for each user. Giving the user more choices can help them make the compromise they feel best about.
Since it would be optional if someone really doesn’t want to use it they don’t have to.
Exactly, thank you.
Also, as an example, in my own case, I’m hosting it all on 1 PC (docker BW and the Mysql server that stores my data) in my own house; what if I was out somewhere, came home to find my house burned down and PC melted into oblivion? There go all my passwords.
At least if BW automatically sent nightly backups to my offsite DropBox, I’d always be able to recover them.
Just an FYI, as it may assist if you don’t currently have any type of off-site backup.
Bitwarden already performs nightly backups of the SQL database, so you can simply use something like rclone to sync to a remote host. Even supports a local client-side encryption prior to upload.
Alternately you could use the original Dropbox uploader tool used within the GitHub script you already linked. (Which actually is a backup tool for a 3rd party service, not affiliated with Bitwarden and why it would not work for your MySQL, but expects SQLite)
I haven’t personally used the Dropbox uploader tool, but it should also work to directly tie into Dropbox it appears.
As always, so your own due diligence to vet your tools. Hope this helps
Thanks for the heads up.
Yep, I had already looked into those scripts before posting (been awhile since I’ve looked at them though, so I forget offhand all their details) but remember them only working with the sqlite BW backups, so if I wanted to use them I’d have to take time out to go into developer mode and finish coding the mysql part myself, which I honestly just don’t have time for these days.
Same sorta goes for rcloning to dropbox; I’ve never used rclone, so there’s a learning curve there to get all of that working, and even if I did eventually get it all sorted out, it would only benefit me. Other users of BW who may like that feature would then have to go through all those same motions piecing together a way to do it, and I figured it’d be nice/convenient if it was just baked right into BW itself in the options, so the user could simply “check a box” to enable it.
+1 for more sync options
Dropbox would be at the top of my list.
I want my data stored somewhere other than Bitwarden servers so a direct read/write of the vault similar to how 1Pass did it in the past.