Useful repository for automatically backing up vault on Windows hosts

I wanna share with the community a repository (which I found very useful) that offers a simple and fast solution to automatically back up your Bitwarden vault—exclusively for Windows devices.

For non-technical users: If you’re not an IT expert or don’t have the time to figure out automation scripts, this is for you.
No complicated setups, just straightforward protection for your vault.

Backing up is critical, and this procedure ensures you stay prepared even in the face of unexpected account issues.

@Emiliano Welcome to the forum!

Thank you for sharing a link to your repository. You should be transparent about the fact that you are the author of this code.

I also have a few comments:

In the README, you have claimed:

Recently, I learned that many accounts from popular password managers are being unexpectedly and inexplicably deleted. This, of course, has a devastating and serious impact and should be avoided at all costs.

Since your tool is specifically designed for Bitwarden, one must presume that you are claiming that “many accounts” of Bitwarden users “are being unexpectedly and inexplicably deleted.” Please provide some evidence to support this accusation, or delete the claim if it is unfounded.

This is not safe advice for non-technical users. No one should be entrusting their password vault security to a third-party tool, unless they are able to review or understand the source code (or are able to rely on a trusted expert to perform this vetting).

I haven’t read your script in detail, but it seems to rely on storing the master password and export file password as environment variables in Windows. One should have a clear understanding of the security implications of doing so before attempting it.

Finally, you should make it clear to users that your script will not back up any organization data or any file attachments.

@grb Thanks

I do not think that’s relevant

I don’t think you understood the sentence, even though it is written in proper English.
I stated that many accounts from various password managers (note the plural here) have been impacted; this does not mean that Bitwarden is included.
You are the one drawing incorrect conclusions. I am responsible for what I write, not for what you understand.
In any case, to avoid misunderstandings, I have clarified this sentence further in the README.

Then you should have read the source code instead of complaining here, because every step is clearly explained and commented. Secrets are saved inside Windows Credentials Manager, not as environment variables.

Is that safe? Absolutely yes.
Protection through the operating system:
Credentials stored in the Windows Credentials Manager are encrypted using the Windows Data Protection API (DPAPI). This means that only the user who saved the credentials can access them, and only from their own Windows account.

Restricted access:
Only applications with the correct permissions can access the Credentials Manager. This reduces the risk of unauthorized access.

Native integration:
As a tool integrated into the operating system, it benefits from Microsoft’s security updates and pre-implemented controls.

Finally, even if someone or something were to compromise the account, the exported files are encrypted at rest — including within the Credentials Manager.

Again, go read the README, because it clearly specifies that these are personal vaults (point number 3: obtain the personal API credentials from Bitwarden).

Anyway, this relentless criticism of a simple and straightforward utility, whose sole purpose is to assist those who lack the technical skills and/or time to find an automated vault backup solution, is inexplicable.

Now I understand why the open-source world is in decline and contributors are becoming fewer and fewer. You take away the motivation and joy of collaborating within the open-source community.

And it doesn’t even seem respectful towards someone who has spent time and resources creating it (in this case, me, since you were so eager to clarify).

We all have jobs and commitments, and I certainly didn’t enjoy spending hours of my valuable time only to hear complaints from someone who didn’t even bother to understand how it works technically.

Therefore, this will be my last response on this topic. I remain open to constructive discussions for those interested, within GitHub. Have a great day, everyone.

This topic was automatically closed 60 minutes after the last reply. New replies are no longer allowed.

It’s relevant insofar as the forum rules prohibit self-promotion.

It would also be a good idea for you to review the community guidelines about respectful communication.

Of course, I suggest you do the same. Thank you.
