Feature name
Backup/restore procedure for the encryption key.
Feature function
Add a mechanism to backup of the encryption key, which yields some binary blob with that key.
This encryption key will allow to recover the Bitwarden vault as long as the encryption key is not rotated --which would only be done rarely and explicitly by the owner.
Of course, this also needs a way of accessing with the encryption key, which may or may not result in he user introducing a new passphrase.
Additional thoughts
I have two use cases for that:
- I want to configure Bitwarden to my elderly, but I don’t want to have access to their passphrase. I need a way to backup their access (in case they forget) but I don’t like the idea of them writing down the password; moreover, if they write down the passphrase and after that they decide to change the password, the account will be lost. Which is a worst case scenario.
- I don’t like the idea of writing down my passphrase --it is personal on many layers-- but I want to have a way to give access to my Bitwarden (think dementia, decease, will, etc.). Putting the encryption key --inside a QR, in an engraved metal sheet, in some papers in some vault, whatever-- is a low-tech traditional way to achieve this.
Am I having a XY problem? Is there a better way to achieve those goals? Is there a big problem with my approach? I know that it is a security issue, as all backups are, but the Bitwarden system already has a way to mitigate it: encryption key rotation.