do you mind sharing the script ? I am struggling with my tries of doing it automatic

@jhonattansouza i dont mind sharing. I'm busy at the Moment, but i'll write a comment as soon as i got access to the script and made it a little more accessible, cause i'm Working with absolute paths atm. I'll get back to you!

no worries ! thank you , i appreciate it

Same but I just use ttionya docker image instead along with vaultwarden

@___aZa___ 100% solid way to do it. I was actually using offen (docker-volume-backup) that would automatically do this for me. Then I had a script that would encrypt, and scp the backup to a few locations. But when I actually needed to use it a month after restoring the export and decrypt it to see if I could get my attachments… I had the encryption key as an attachment in Bitwarden 🤡 so it was gone. I'm going to share that in a bit more detail in a future video because I think it's important to account for different situation and have an “out-of-band” restore/recovery method.

You're welcome! I figure it was worth sharing and highlighting. Mine as well try to turn a mistake into a learning experience for others.

With keepassxc you can have it create a backup every time the database changes.

That's a hell of a tip and an easy mistake to make.

It's funny, but I did have that. I just used the export method since I was doing a migration and both instances were running. But here's what happened (copied from another comment): I was actually using offen (docker-volume-backup) that would automatically do this for me. Then I had a script that would encrypt, and scp the backup to a few locations. But when I actually needed to use it a month after restoring the export and decrypt it to see if I could get my attachments… I had the encryption key as an attachment in Bitwarden 🤡 so it was gone. I'm going to share that in a bit more detail in a future video because I think it's important to account for different situation and have an “out-of-band” restore/recovery method.

As recommendation backup your most important keys/passwords seperately on a hardware encrypted usb stick or drive and put it in a safe deposit box. That you have a way to restore your encrypted (online) backup if all your devices with pw manager get stolen or break

In the future, I will definitely be doing this. Image the server, zip it up, and store it away somewhere before erasing.

It's definitely worth keeping in mind. While the chances are low anything would happen to your attachments, the possibility is there.

You're correct, they do. But that's only when you use their hosted vault. I was self-hosting, so all the files were on the hard drive connected to my raspberry-pi.

You're welcome and good idea!

I was using docker volumes which you can't just copy to a new machine. I tried to set up Bitwarden initially using a local mount, but the container would throw errors.

@@sideofburritos I rarely use docker volumes and do bind mounts to a folder on the host machine. Try using vaultwarden and/or double check your configuration.

@@sideofburritos Did you make sure you weren’t running into permission issues?

​@@Jad2410 As far as I know, the permissions were correct on the actual host path (docker had ownership like I've configured for other containers). If I encounter issues that early on with using a host path, I usually just stick with docker volumes to avoid future issues.

@@sideofburritosI've been using vaultwarden for over a year now with bind mounts. There has never been a issue using it that way and it's survived a machine move.

Nice! Glad to see it will be added soon, much needed. Eh, if you're using their cloud hosted vault the export is your only means of a backup.

Yes. Regular users that don't self-host have to manually download each attachment if they truly want to backup their vault. This is really an incomplete feature that got the "MVP" (Miinimum Viable Product) treatment by the product management. As in what is the least amount of work and functionality possible to call the development effort "complete" and ship the product. Also, Bitwarden doesn't care about individual users. They only care about problems their corporate enterprise customers have. And those all do system image backups on premises of their self hosted systems or rely upon Bitwarden to do that for them with the cloud hosted vault. Bitwarden decided backing up self hosted vaults is not their problem to solve and declared it "out of scope" to conveniently absolve themselves of any architecture, design, or engineering lapses or defects.

@mike80808 wow okay, that just irradicates Bitwarden as a password manager completely, currently i use KeePass which is way better for advanced users anyway, but trying to convince friends of easy open source solutions is hard and i think Bitwarden just died as a password manager for me

Bitwarden just made public, that export of attachments is going to come. (see their current roadmap and a corresponding thread on their community forum)

@@unmapped89361 im also waiting for the ssh key integration which they announced afaik

I also use Keepass file on cloud storage and that works without any issue.

KeepassXC?

After reading your comment and others, I think this is the route I will be going.

@@sideofburritos I have to thank... This is an important point that you discovered...

@@lussor1 Yea, KeePassXC for desktop. Then there are other versions if you want to access a copy of it on your Android device, like KeePassDX

Thank you, and you're welcome!

You're welcome! I was hoping sharing my mistake could help some others. Judging from the comments, it sounds like it has.

That's a very interesting point. Living in the US, I never consider that. I'm surprised this hasn't been a problem for them in the EU.

You're welcome. That was why I wanted to share it. It's an easy mistake anyone could make. I agree about KeePass. While it's a great option for some, it's easy to mess up and lose everything. But, the simplicity of it is also a beautiful thing.

Technically yes, but there should also be an encrypted option which would include the attachments secured similarly to the .json file when selected.

Seems, they're going to implement exactly that. See the corresponding thread in the community forum.

Why would you want use Bitwarden over Vaultwarden anyway? Bitwarden is a resource hog compared to Vaultwarden.

@mudi2000a some things (like a password manager) I try to stay as close to the original company/source as possible. Even if it's a trusted fork.

@ that is understandable. In any case Vaultwarden is not a fork but a complete reimplementation in Rust.

@@mudi2000a Whatever you want to call it, it's still an unofficial client.

Not a client, VaultWarden is a drop-in replacement for the server!

Thanks for subscribing! I might test it, but I wouldn't use it. Here's a copy/paste from another comment that asked about it - For better or worse, I've been trying to avoid putting all my “eggs in one basket”. So for that reason, I don't use their password manager.

Thanks for sharing! I definitely will from now on. I was using it for the same purpose as you, for registration keys. Thankfully I also added the registration details to the item in my vault, then attached the receipt/registration details as a reference. So while that's gone, I still have my keys.

@@sideofburritos I've gone full-time leenooks so at this point I have one software license to worry about. A couple of Nuance speech engines (I'm legally blind and espeak and friends sound like crap.)

You're welcome!

You're welcome!

You're welcome! I still think it's a great product, just something to keep in mind while using it.

That's the best way to do it for complete, regular backups. For this since I was just doing a migration and I had the old and new instance running, it seemed more convenient.

@@sideofburritos makes sense! I totally agree with your video though. There should be a way to backup/export attachments.

You're welcome!

6 years and counting, I would hope so.

Yup, not good 🤓

It sure is, haha. The part that I need to improve on is how long I keep data after a migration. I'm quick to delete old data (lesson learned). I actually still have a full backup of the data stored offsite, but I'll be sharing in a future video how I screwed myself there. #1 lesson, test your backup strategy and account for failures. Thanks for the tips!

Welcome!

It's on their roadmap now and in developement.

@unmapped89361 have seen multiple really big (mostly simple) requests hit their roadmap only to be shelved again and again. The auto fill for non supported fields, unified is also years behind original estimates.

@@dasGieltjE Yeah, that has some truth to it. Though, they changed their roadmap "strategy" - formerly, they also listed there some things they would only "research". Now, they list only things, that already are in active development. So chances are, that those things very likely are going to come.

For better or worse, I've been trying to avoid putting all my “eggs in one basket”. So for that reason, I don't use their password manager. A bit of a tangent, but I'm also annoyed they keep launching new products instead of working on their existing products (like the Android Mail app). Last time I checked, the iOS app has features that the Android app is missing. I get it from a business perspective, the more products the more user lock in. But it's unfortunate as an existing customer.

If you're using the “Secure note” feature in Bitwarden, those get backed up. If you add an attachment to a note, that won't be backed up.

I've used Standard Notes for my notes, which is owned by Proton now. It isn't integrated, so I don't have access to all the features yet.

I have, unfortunately how I erased it I wasn't able to get any usable data.

@@sideofburritos There are many shops that specialize in recovering data, maybe if it's only a few MB they could do something

You're welcome!

☕

Absolutely that's a Bitwarden issue. If their backup feature doesn't back up everything in a vault (without warning) that's a failure. What about those that use the cloud hosted version? They have no way to back up their attachments since they have no control over the cloud instance.

@@sideofburritosisn’t the whole point of using Bitwarden that you DON‘T want to use a cloud solution?

@@mudi2000a No. For a lot of people they use the hosted version which is perfectly fine. It's a great option for a lot of people, and many don't want to have the major responsibility of being responsible for their password vault data.

@ sure. But if you use a hosted version there are a plethora of services to choose from. Of course still Bitwarden can be the best choice.

Few things: - Valid point on the title, I'll think about changing that. For cloud users export === backup. - Pretend someone isn't self-hosting. Do you think it's viable for them to manually export every attachment from their cloud hosted vault? How to they back up their passwords/attachments? - I had automated backups of the volumes, I just screwed up something when I needed them, which I'll share in another video. I opted to use the export feature because it was simpler when migrating. It wasn't a disaster recovery scenario. I still don't think that's an excuse for their export feature not to work as expected. - Bitwarden was having strange issues when I used a local mount initially, it only worked with volumes.

@@sideofburritos i get your points and but have a gut feel those cloud users don't care about backups.. anyway i mapped the container's /data and back that up, perhaps can get them to word as "Export (without attachments)"

​@@SEOng-gs7lj I have no doubt that 99% of the people that use SaaS solutions don't care about backups. I do hope to get at least a few people to think about it by mentioning it though. Too many people think “the cloud” is invincible.

Nice catch, forgot to remove that. I'll leave it 😂

and keep the cleartext files folder in google cloud, because you have nothing to hide

I honestly know a lot more people who lose their accounts by attempting batman level security ; having a 20-character master password with symbols and digits; storing the master password in a veracrypt container, and storing the password for veracrypt in a self hosted server; and then have 2 factor authorization for the password manager with the tokens of authenticator apps being uploaded into another encrypted cloud whose password is stored in another veracrypt container. Yeah same way far more people lose their crypto money by losing the phone that had their Bitcoin wallet and not remembering where they saved the seed; rather than keeping it in an exchange

@@FalconFernando do you comprehend difference where individual loses his access to entity and where someone intercepts your credentials written in plaintext and steals everything from you?

@@FalconFernando The problem is if it's not your keys it's not your money. Exchange could got rogue or get hacked like MtGox

@@Coaxalis password123

I completely disagree with you. Who says it's bad practice to store files in your password manager? If that were the case, it wouldn’t be a paid feature. Their main webpage explicitly states, 'Securely encrypt files or text,' and the individual file limit of 500 MB reinforces this functionality. Storing sensitive files in git is far less secure since everything is stored in clear text. Additionally, they recently commented on the thread I referenced, confirming that attachment backups are on the 2025 roadmap. Not including attachments in the export isn’t meant to imply that attachments shouldn’t be used. It’s a shortcoming in Bitwarden’s implementation.

​@@sideofburritos The best practice i speak of is more for Site Reliablilty Engineering were you try to keep your infrastructure decoupled from things like secrets and hardware. You keep your configuration files such as ansible, kube and shellscripts in git and interpolate in secrets using a secrets manger such as hasicorp vault. This allows you to decouple your infrastructure as code from secrets preventing errors that come while updating your configurations. I just can't think of a use case for your requested feature maby you are keeping different types of files in your vault such are hardware firmware, and router snapshots? In that case I would encrypt the snap shots and store them on a NAS or using gitlab runners to create a artifact in a repo, then only keep the encryption key in the bitwarden vault this will decouple filebackup and secret backups. I understand this is all overkill for homelab, I was just trying to explain why this has not been a focus on bitwarden they want to appeal to enterprise customers first then consumer level next.

@@AundreL From that perspective, I completely agree with you. That is indeed the way it should be done. Regarding backups, I copy them to my NAS and then to a remote location. However, I'll explain in a future video why those weren't usable after I erased my drive. Hopefully another useful learning experience for others. For my personal password vault, I stored files like pictures of my identity documents, which are helpful when traveling in case I lose the physical copies. Additionally, I kept confirmation emails with license keys in case I needed to provide them to a company in the future. I also included SSH keys (which you mention could be in a text field, true) so I could easily download and use them if I didn't have my personal computer.

Thanks. At least it made for a good video topic 😂

I mentioned it was on me in the video :D The self-hosting guide does mention backing up shares, which covers multiple users. But let's pretend you're just one user or using the hosted version of Bitwarden. Using the export tool is the documented procedure - bitwarden.com/resources/guide-how-to-create-and-store-a-backup-of-your-bitwarden-vault/#exporting-your-bitwarden-vault “Because this vault copy is intended for use as a backup to restore a Bitwarden vault in case of being locked out, it’s best to choose the .json export format. When importing a Bitwarden .json vault file, it will give you a vault identical to the original vault at the time it was exported.”

I know, gotta read it more for simple features 😢

Never a fun one 🙃