Procedure to backup/restore the encryption key

Feature name

Backup/restore procedure for the encryption key.

Feature function

Add a mechanism to back up the encryption key, which yields some binary blob with that key.

This encryption key will allow recovering the Bitwarden vault as long as the encryption key is not rotated --which would only be done rarely and explicitly by the owner.

Of course, this also needs a way of accessing with the encryption key, which may or may not result in the user introducing a new passphrase.

Additional thoughts

I have two use cases for that:

  • I want to configure Bitwarden for my elderly, but I don’t want to have access to their passphrase. I need a way to back up their access (in case they forget) but I don’t like the idea of them writing down the password; moreover, if they write down the passphrase and after that they decide to change the password, the account will be lost. Which is a worst-case scenario.
  • I don’t like the idea of writing down my passphrase --it is personal on many layers-- but I want to have a way to give access to my Bitwarden (think dementia, decease, will, etc.). Putting the encryption key --inside a QR, in an engraved metal sheet, in some papers in some vault, whatever-- is a low-tech traditional way to achieve this.

Am I having an XY problem? Is there a better way to achieve those goals? Is there a big problem with my approach? I know that it is a security issue, as all backups are, but the Bitwarden system already has a way to mitigate it: encryption key rotation.

Why not buy a family plan and share those items? If you both manage the organization and/or collection, then you both have access.

Another option would be to have them write down the password on paper, put it in a sealed envelope and store that in a safe location outside their house for emergencies.

It all comes down to trust.
