Is everything you add to a Bitwarden vault encrypted?

Have you ever wondered if everything you add to your Bitwarden vault is encrypted?

All Vault data is encrypted by Bitwarden before being stored anywhere. To learn how, see Encryption.

This includes URLs stored with vault items, have other questions? Let us know.


But is it encrypted on the client?

I’m here as a LastPass migrant.

LastPass also said all their data was end to end encrypted but it now transpires (after a serious breach) that it wasn’t. A bunch of hackers now know which accounts I have and the url’s thanks to LP.

I don’t blame LP (much) for the breach as it is just a matter of time before any password manager gets breached but I don’t forgive them for lying about encrypting all the data.

BW is open source so someone will know if BW really are encrypting everything (using only my master password) on the client.

Hey there, great question, you can export your vault data as an encrypted .json file at anytime to confirm that all the entered data is encrypted.

You don’t have to rely on others to look into this for you. You can literally open the encrypted vault and look for yourself (see here for an example). The vault data file is called data.json, and its location is provided in the Bitwarden documentation.

Unsure if it’s been talked about before, but I’d like having attachment metadata - url, size, sizeName, profile fields - name, email, and settings fields encrypted in that data.json file.

I see this as extra defense in case of service breach and encrypted vault exfiltration.