Move a login from organization to user

Hi everyone,
I moved some logins from my vault to the organization that I own. My question now is if I can move them back from the organization to my vault. I’ve been trying for days but I can’t find the way; maybe it is not possible??
Thanks a lot

Hello @Simo and welcome to the community,

Due to the nature of how items are encrypted in your individual vault and then encrypted with an Organizational Vault for sharing purposes, items that are Moved into an Organization vault from your personal vault are essentially “owned” by that Organization at that point.

What you can do though as an Owner of your Organization, is clone the items in your Organization vault and then clone these to your personal vault.

Since these are Organization owned items you will need to clone them from the Organization vault view in the Bitwarden web-vault.
After these items are cloned into your personal vault, you can then delete them from the Organization vault.


One other thing you may do, depending on how many logins you are attempting to move back into your personal vault: you can try to export these from the Org and then back into your personal vault.

You may need to first condition some of the formatting from the Organizational Vault export to be compatible with an Individual Vault import, depending on if you export to .csv or .json.

Hey @cksapp, thanks a lot for your instructions. I followed your steps and I did it. 👍

How is it that Org items are encrypted? Are they still safe to store in an org as normal?
The phrase makes me a bit worried.

Short answer,

Yes!
Vault items are absolutely still fully encrypted and safe to store in an Organization.

Long answer,

Encryption is complicated.
Individual vault items that are “moved” to an Organization have to be encrypted with the Org’s Symmetric Key (as I understand), which is then shared between users of the Org with a combination of public/private RSA keypairs.

As detailed

More specifics can be found in the Sharing Data between Users section of the Bitwarden Whitepaper, which also notes a new form of RSA public/private key pairs

ℹ️ Note

The mid 2021 release of Admin Password Reset introduced a new RSA public/private key pair for all Organizations. The private key is further encrypted with the Organizationʼs pre-existing symmetric key before being stored. The key pair is generated and encrypted client-side upon creation of a new Organization, or for an existing Organization upon:

  • Navigation to the Manage → People screen.
  • Updates to anything on the Settings → My Organization screen.
  • Upgrades from one Organization type to another.

More details of which can be found in the encryption section of the Admin Password Reset feature.

@cksapp
Can all items be cloned in one go, or do we have to clone every single item separately?

No, you cannot bulk clone items.

@grb
Can I export my org’s items and import them into my personal vault then? I noticed the Org’s export json has extra properties (like the org string) – would that be an issue?

Thanks

That is essentially the work-around that was proposed in the originally posted solution for this topic. I have not tried it myself, but it seems that it worked for the OP.


Did the transfer of the Org vault import to your personal vault go 100% smoothly?

The export json for the org has extra fields. So, I was wondering if there are any issues transferring the Org json backup to a personal vault.

Thanks!
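
An added example, not part of the thread and not Bitwarden's own code: one way to "condition" an unencrypted organization JSON export for an individual-vault import, as suggested in the first answer and asked about in the last posts. The field names (`collections`, `collectionIds`, `organizationId`, `folders`, `folderId`) are assumptions about the export layout, and the sample data is constructed; the sketch also generalizes slightly by mapping each collection to a folder.

```python
import json
import uuid

# Assumed field names for the unencrypted JSON export (not taken from the thread).
ORG_ONLY_ITEM_FIELDS = ("organizationId", "collectionIds")


def org_export_to_individual(org_export: dict) -> dict:
    """Reshape an unencrypted organization export into an individual-vault layout."""
    if org_export.get("encrypted"):
        raise ValueError("encrypted export: re-export as unencrypted JSON first")
    # Every collection becomes a folder with a fresh id, so no org id is carried over.
    folder_for, folders = {}, []
    for col in org_export.get("collections") or []:
        folder_for[col["id"]] = str(uuid.uuid4())
        folders.append({"id": folder_for[col["id"]], "name": col["name"]})
    items = []
    for item in org_export.get("items") or []:
        out = {k: v for k, v in item.items() if k not in ORG_ONLY_ITEM_FIELDS}
        # An org item can sit in several collections, a personal item in one folder:
        # keep the first collection that is present in the export.
        known = [c for c in (item.get("collectionIds") or []) if c in folder_for]
        out["folderId"] = folder_for[known[0]] if known else None
        items.append(out)
    return {"encrypted": False, "folders": folders, "items": items}


# Constructed sample input, not a real export.
SAMPLE_ORG_EXPORT = {
    "encrypted": False,
    "collections": [
        {"id": "col-1", "organizationId": "org-1", "name": "Shared logins"},
    ],
    "items": [
        {"id": "item-1", "organizationId": "org-1", "collectionIds": ["col-1"],
         "type": 1, "name": "Example site",
         "login": {"username": "simo", "password": "constructed-value"}},
        {"id": "item-2", "organizationId": "org-1", "collectionIds": [],
         "type": 2, "name": "Unassigned note", "notes": "constructed"},
    ],
}

if __name__ == "__main__":
    print(json.dumps(org_export_to_individual(SAMPLE_ORG_EXPORT), indent=2))
```

Both the export and the rewritten file hold credentials in plaintext, so keep them on an encrypted volume and delete them once the import is confirmed.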