@Enviably1875 Welcome to the forum!
I’m not sure if I can answer your question completely. I’m no cybersecurity expert, but I think it’s safe to say that there is no 100% certainty/security here… Anyway, I think the short answer is: if you only consider Bitwarden now, then all your data is stored encrypted locally (Security FAQs | Bitwarden), so in theory, the only thing someone potentially gets should be encrypted data…
But I guess, that – and how strong it (still) is encrypted – depends on some thing you can influence, like
- choosing a strong master password
- choosing a “strong” unlock method (I don’t know how it is on Linux, but just recently it was discussed, that a good PIN is stronger – at the moment – as Windows Hello biometrics)
- when you use PIN unlock, then with “Require master password on browser restart” is the more secure option
- a short vault timeout period (–> I added that, because an unlocked vault has data unencrypted in memory – a locked vault not – and if you’re logged out, then the “local vault copy” is even deleted)
- Argon2 as KDF
- …
See also:
- Bitwarden Security Whitepaper | Bitwarden
- Data Storage | Bitwarden → in the section “On your local machine” you can see the folder paths
- Someone wrote a “Bitwarden Hardening Guide” a while ago… - that also has some good ideas in it about what can be done on your side. But not everything is correct in there, so make sure to also read the comments below there! (PS: Ah, and a lot of the things mentioned in there don’t influence the encryption, but serve other purposes.)