The Big Problem with Bitwarden Backups

  • Published 26 Jan 2025

COMMENTS • 159

  • @sideofburritos 15 days ago +12

    In the Bitwarden thread I mentioned in the video, someone commented that exporting attachments is on the 2025 roadmap. I believe this was noted before the video, but either way, it’s great news! - community.bitwarden.com/t/allow-attachments-to-be-exported-when-using-export-data/835/81

  • @___aZa___ 15 days ago +54

    I host my Vaultwarden instance with Docker.
    To make backups, I always stop the container, tar all files into a tarball and save that tarball into a folder that's being synced to my NAS. After creating the tarball, I start the container again. All automatic at 4 AM every day.
    Works perfectly for me, but I think Bitwarden needs a better backup integrated.

    • @jhonattansouza 15 days ago +3

      Do you mind sharing the script? I am struggling with my tries at doing it automatically.

    • @___aZa___ 15 days ago +3

      @jhonattansouza I don't mind sharing.
      I'm busy at the moment, but I'll write a comment as soon as I've got access to the script and made it a little more accessible, 'cause I'm working with absolute paths atm.
      I'll get back to you!

    • @jhonattansouza 15 days ago +3

      No worries! Thank you, I appreciate it.

    • @kamajamalaks 15 days ago

      Same but I just use ttionya docker image instead along with vaultwarden

    • @sideofburritos 15 days ago +3

      @___aZa___ 100% solid way to do it. I was actually using offen (docker-volume-backup) that would automatically do this for me. Then I had a script that would encrypt, and scp the backup to a few locations. But when I actually needed to use it a month after restoring the export and decrypt it to see if I could get my attachments… I had the encryption key as an attachment in Bitwarden 🤡 so it was gone.
      I'm going to share that in a bit more detail in a future video because I think it's important to account for different situations and have an “out-of-band” restore/recovery method.
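
The stop, tar, restart routine described in this thread, followed by a restore test that confirms the attachments really are in the archive, as an added example that is not the commenter's script. The container name `vaultwarden`, the `attachments` subfolder and the paths are assumptions; encryption and the copy to the NAS are left out.

```shell
#!/bin/sh
# Added example, not the commenter's script.
# Assumptions: the container is named "vaultwarden", DATA_DIR is the host
# folder mounted as its data directory, and uploaded files live in the
# "attachments" subfolder of that directory.
CONTAINER="${CONTAINER:-vaultwarden}"
DOCKER="${DOCKER:-docker}"   # set DOCKER=true for a dry run without Docker

# backup_vault DATA_DIR DEST_DIR
# Stops the container so the database is not written to mid-copy, archives the
# whole data folder (database and attachments alike), restarts the container
# even when tar fails, then records a file manifest and a SHA-256 checksum.
# DEST_DIR must not be inside DATA_DIR. Prints the archive path on success.
backup_vault() {
    data_dir=$1
    dest_dir=$2
    [ -d "$data_dir" ] || { echo "no such data dir: $data_dir" >&2; return 1; }
    mkdir -p "$dest_dir" || return 1
    archive="$dest_dir/vault-$(date +%Y%m%d-%H%M%S).tar.gz"

    "$DOCKER" stop "$CONTAINER" >/dev/null || return 1
    ( cd "$data_dir" && find . -type f | sort ) > "$archive.manifest"
    tar_rc=0
    tar -C "$data_dir" -czf "$archive" . || tar_rc=$?
    "$DOCKER" start "$CONTAINER" >/dev/null || {
        echo "container $CONTAINER did not restart" >&2; return 1; }
    if [ "$tar_rc" -ne 0 ]; then
        rm -f "$archive" "$archive.manifest"
        return 1
    fi
    ( cd "$dest_dir" &&
      sha256sum "$(basename "$archive")" > "$(basename "$archive").sha256" ) || return 1
    printf '%s\n' "$archive"
}

# verify_backup ARCHIVE
# Restore test: checks the checksum, extracts into a scratch folder and
# compares the restored file list with the manifest taken at backup time.
# Prints the number of files restored under attachments/.
verify_backup() {
    archive=$1
    ( cd "$(dirname "$archive")" &&
      sha256sum -c "$(basename "$archive").sha256" >/dev/null 2>&1 ) || {
        echo "checksum mismatch: $archive" >&2; return 1; }
    scratch=$(mktemp -d) || return 1
    if tar -C "$scratch" -xzf "$archive" &&
       ( cd "$scratch" && find . -type f | sort ) | cmp -s - "$archive.manifest"; then
        count=$(find "$scratch/attachments" -type f 2>/dev/null | wc -l)
        rm -rf "$scratch"
        printf '%s\n' "$((count))"
        return 0
    fi
    rm -rf "$scratch"
    echo "restored files differ from manifest: $archive" >&2
    return 1
}

# Nightly use, e.g. from cron at 04:00 (paths are placeholders):
#   a=$(backup_vault /srv/vaultwarden/data /mnt/nas/vault-backups) && verify_backup "$a"
```
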

  • @MaceToDaFace 16 days ago +18

    Thanks for the reminder, will have to back up my attachments. Thanks for being transparent about your mistakes so many of us will not have to learn the hard way.

    • @sideofburritos 15 days ago +1

      You're welcome! I figure it was worth sharing and highlighting. Might as well try to turn a mistake into a learning experience for others.

  • @DuskWalker33 16 days ago +60

    Also critical: there is no native history of 2FA seeds. If you overwrite one without having a backup, there is no recourse. Learned this the hard way.

    • @xslayer91 15 days ago +2

      With keepassxc you can have it create a backup every time the database changes.

    • @sideofburritos 15 days ago +6

      That's a hell of a tip and an easy mistake to make.

  • @zer0r00t 16 days ago +17

    I highly recommend setting up automatic backups on the server itself where you self host. I had to learn from a very painful mistake myself

    • @sideofburritos 15 days ago +1

      It's funny, but I did have that. I just used the export method since I was doing a migration and both instances were running. But here's what happened (copied from another comment):
      I was actually using offen (docker-volume-backup) that would automatically do this for me. Then I had a script that would encrypt, and scp the backup to a few locations. But when I actually needed to use it a month after restoring the export and decrypt it to see if I could get my attachments… I had the encryption key as an attachment in Bitwarden 🤡 so it was gone.
      I'm going to share that in a bit more detail in a future video because I think it's important to account for different situations and have an “out-of-band” restore/recovery method.

    • @BecksHome 11 days ago

      As a recommendation, back up your most important keys/passwords separately on a hardware-encrypted USB stick or drive and put it in a safe deposit box. So that you have a way to restore your encrypted (online) backup if all your devices with a pw manager get stolen or break.

  • @Denis-in6ur 15 days ago +7

    I learned one important lesson last month: Keep an image file of your backup, even though you think you got everything. It is easier to miss something than you think… :(

    • @sideofburritos 15 days ago +1

      In the future, I will definitely be doing this. Image the server, zip it up, and store it away somewhere before erasing.

  • @Maclah 16 days ago +8

    Thank you for your sacrifice, although I don’t self host it’s definitely got me thinking. I might look into some of the services I already have and tap into them.

    • @sideofburritos 16 days ago +2

      It's definitely worth keeping in mind. While the chances are low anything would happen to your attachments, the possibility is there.

  • @Ruboka 15 days ago +5

    Attachments missing is such a mess. I knew of this "bug" from the beginning; coming from KeePass, where I used them a lot, this is bad. Now I avoid uploading files and only use Bitwarden as a pw manager. 2FA is now taken care of by Ente Auth. 2FA recovery are stored on an extra Proton Pass and nothing else.

  • @Dimonina 12 days ago

    I also don't like Bitwarden because of attachments, but I use it with my wife to share some passwords. The attachments are always loaded from the server, and the most common case is that sometimes I show the copy of my passport in different places, and every time I need to load it from my server, which takes some time or is impossible if there's no network coverage in the place where I am. Storing document copies somewhere else might be a good idea, but it's not convenient. Also I like to store other documents in the password manager. That's why KeePass in 2025 is still worth it in some aspects.

  • @1q3er5 15 days ago +3

    wat u guys think of ente auth?

  • @JackTheMimic 13 days ago

    From my understanding those attachments live on their cloud service in encrypted storage. (Size depends on paid service) should those files not still be downloadable from them? Did I read their documents incorrectly?

    • @sideofburritos 13 days ago +1

      You're correct, they do. But that's only when you use their hosted vault. I was self-hosting, so all the files were on the hard drive connected to my raspberry-pi.

  • @Technopath47 14 days ago

    OOOF! I did NOT realize that, tyvm for pointing it out! I'm gonna have to go backup my attachments immediately, thanks so much!

  • @Jad2410 16 days ago +6

    This is why I use containers and just stop the running container, move the container and its folders to a new machine, then start the container on that new machine.

    • @sideofburritos 16 days ago

      I was using docker volumes which you can't just copy to a new machine. I tried to set up Bitwarden initially using a local mount, but the container would throw errors.

    • @Jad2410 16 days ago +2

      @sideofburritos I rarely use docker volumes and do bind mounts to a folder on the host machine. Try using vaultwarden and/or double check your configuration.

    • @Jad2410 16 days ago

      @sideofburritos Did you make sure you weren’t running into permission issues?

    • @sideofburritos 15 days ago

      @Jad2410 As far as I know, the permissions were correct on the actual host path (docker had ownership like I've configured for other containers). If I encounter issues that early on with using a host path, I usually just stick with docker volumes to avoid future issues.

    • @Jad2410 14 days ago

      @sideofburritos I've been using vaultwarden for over a year now with bind mounts. There has never been an issue using it that way and it's survived a machine move.

  • @unmapped89361 15 days ago +1

    Hey, important topic! Though, the title is a bit misleading, as it is not a "backup" function per se, but an export function. And: they are going to integrate export for attachments! See in the Community Forum and on their new January roadmap there.

    • @sideofburritos 15 days ago

      Nice! Glad to see it will be added soon, much needed. Eh, if you're using their cloud hosted vault the export is your only means of a backup.

  • @itzSpoke 15 days ago +1

    Something similar happened to me: it seems that items in the "Notes" section do not get backed up 😢

  • @forestcat512 15 days ago +3

    But that means there is no proper way to export your attachments? (As a regular user)

    • @mike80808 15 days ago +2

      Yes. Regular users that don't self-host have to manually download each attachment if they truly want to back up their vault.
      This is really an incomplete feature that got the "MVP" (Minimum Viable Product) treatment by the product management. As in what is the least amount of work and functionality possible to call the development effort "complete" and ship the product.
      Also, Bitwarden doesn't care about individual users. They only care about problems their corporate enterprise customers have. And those all do system image backups on premises of their self hosted systems or rely upon Bitwarden to do that for them with the cloud hosted vault. Bitwarden decided backing up self hosted vaults is not their problem to solve and declared it "out of scope" to conveniently absolve themselves of any architecture, design, or engineering lapses or defects.

    • @forestcat512 15 days ago +1

      @mike80808 Wow okay, that just eradicates Bitwarden as a password manager completely. Currently I use KeePass, which is way better for advanced users anyway, but trying to convince friends of easy open source solutions is hard and I think Bitwarden just died as a password manager for me.

    • @unmapped89361 15 days ago +3

      Bitwarden just made public that export of attachments is going to come (see their current roadmap and a corresponding thread on their community forum).

    • @forestcat512 14 days ago

      @unmapped89361 I'm also waiting for the SSH key integration which they announced afaik

  • @5ergius 16 days ago +6

    For me, Keepass works very well in combination with a yubikey... and of course also with attachments

    • @mudi2000a 15 days ago

      I also use Keepass file on cloud storage and that works without any issue.

    • @lussor1 15 days ago

      KeepassXC?

    • @sideofburritos 15 days ago +1

      After reading your comment and others, I think this is the route I will be going.

    • @5ergius 15 days ago +1

      @sideofburritos I have to thank... This is an important point that you discovered...

    • @sideofburritos 15 days ago +1

      @lussor1 Yea, KeePassXC for desktop. Then there are other versions if you want to access a copy of it on your Android device, like KeePassDX

  • @notafbihoneypot8487 16 days ago

    I know this may seem like a pain but I keep my attachments separate from Bitwarden and use Safe Space from F-Droid for that, just in case Bitwarden goes down or changes policies I don't like.
    And Safe Space allows exports in zip backup

  • @Mr.Anderson-y2j 16 days ago +1

    Great video. Thanks for the heads up. You are right, there should at least be a warning.

  • @mitchellsmith4601 14 days ago

    I’m so sorry for your lost attachments, but thank you for sharing this, as it will prevent other self-hosted BW users from losing data.

    • @sideofburritos 13 days ago

      You're welcome! I was hoping sharing my mistake could help some others. Judging from the comments, it sounds like it has.

  • @AlexChama 14 days ago +1

    The funny part is they are obligated by law to let users export all their data in a machine-readable format for EU users for their own SaaS instance under GDPR.

    • @sideofburritos 14 days ago

      That's a very interesting point. Living in the US, I never consider that. I'm surprised this hasn't been a problem for them in the EU.

  • @countorlock3148 10 days ago

    My god, that's devastating. I am so sorry

  • @ElucCH 16 days ago

    Thanks for the video. I could have made the same mistake, I wanted to switch to Bitwarden (self-hosted, or not) several times, but I never did because I'm addicted to the autotype function of KeePassXC. I would not recommend KeePass to beginners, as you must know what you are doing with sync, merging, etc... and more importantly you are responsible for your backup. For this I think I'm a little paranoid, and have enough backup and history of my KeePass vaults.

    • @sideofburritos 14 days ago

      You're welcome. That was why I wanted to share it. It's an easy mistake anyone could make. I agree about KeePass. While it's a great option for some, it's easy to mess up and lose everything. But, the simplicity of it is also a beautiful thing.

  • @toineenzo 15 days ago

    Would be pretty easy to implement right? Just needs to generate a zip file with all the attached files from your vault next to the json/csv file

    • @sideofburritos 15 days ago

      Technically yes, but there should also be an encrypted option which would include the attachments secured similarly to the .json file when selected.

    • @unmapped89361 15 days ago

      Seems they're going to implement exactly that. See the corresponding thread in the community forum.

  • @HogtailOfDeath 12 days ago

    Proton pass?

  • @ajv_2089 15 days ago +2

    Man, that sucks. I know Vaultwarden has a warning; it's weird that Bitwarden doesn't

    • @mudi2000a 15 days ago +1

      Why would you want to use Bitwarden over Vaultwarden anyway? Bitwarden is a resource hog compared to Vaultwarden.

    • @sideofburritos 15 days ago

      @mudi2000a some things (like a password manager) I try to stay as close to the original company/source as possible. Even if it's a trusted fork.

    • @mudi2000a 15 days ago +1

      @ that is understandable. In any case Vaultwarden is not a fork but a complete reimplementation in Rust.

    • @sideofburritos 15 days ago +2

      @mudi2000a Whatever you want to call it, it's still an unofficial client.

    • @bogorad 10 days ago

      Not a client, VaultWarden is a drop-in replacement for the server!

  • @sallycakes472 16 days ago +1

    new subscriber. sorry to hear ur loss. while ur testing keepass also test out protonpass pls. keep up great work

    • @sideofburritos 14 days ago

      Thanks for subscribing! I might test it, but I wouldn't use it. Here's a copy/paste from another comment that asked about it - For better or worse, I've been trying to avoid putting all my “eggs in one basket”. So for that reason, I don't use their password manager.

  • @knghtbrd 15 days ago +1

    I used to use 1Password, starting with like version 1.3 or something, way back when MacHeist blah blah… I used to attach PDFs or images to a lot of my stored secrets with things like license keys or similar. When the pricing structure changed for 7 so that 1P cost more to self-host than to SaaS, I did have to upgrade because Apple, but I went looking for alternatives. Bitwarden was it. It was then I discovered that my attachments were all mangled. And mangled in my 7.0 backups, too. Took me long enough to discover and migrate to Bitwarden that I no longer had any 6.x backups, but I suspect the old attachments were lost long before that.
    I was lucky in that I could find most of what I'd made those attachments from for anything I still cared about. I lost reg keys for a couple of programs I mostly didn't use anymore. But it could've been much worse. So check your attachments regularly, regardless. And keep separate backups of them with Bitwarden for now!

    • @sideofburritos 14 days ago

      Thanks for sharing! I definitely will from now on. I was using it for the same purpose as you, for registration keys. Thankfully I also added the registration details to the item in my vault, then attached the receipt/registration details as a reference. So while that's gone, I still have my keys.

    • @knghtbrd 14 days ago

      @sideofburritos I've gone full-time leenooks so at this point I have one software license to worry about. A couple of Nuance speech engines (I'm legally blind and espeak and friends sound like crap.)

  • @LioIntoTechYT 14 days ago

    Thanks for the heads-up

  • @YannMetalhead 14 days ago

    Thank you for the heads up, that's a really serious fuck-up for Bitwarden.

  • @cheebees 16 days ago +4

    Appreciate the info. Switched to Bitwarden last year. I might look into Proton Pass or another alternative too.

    • @sideofburritos 16 days ago +4

      You're welcome! I still think it's a great product, just something to keep in mind while using it.

  • @propeto13 13 days ago

    6 year old feature request on a funded project, it's shocking. Simple warning, like the other warning in the GUI would solve this huge issue.

  • @JCrossMsM 7 days ago

    Oof. Just thinking about your situation makes me nauseous. 😱 I would have made the very same assumption. Thanks for giving me things to consider with my own vault.

  • @scruggs.jonathan 15 days ago +1

    Maybe this isn't good practice, but I've always just backed up the docker data folder(s).

    • @sideofburritos 15 days ago

      That's the best way to do it for complete, regular backups. For this since I was just doing a migration and I had the old and new instance running, it seemed more convenient.

    • @scruggs.jonathan 11 days ago

      @sideofburritos makes sense! I totally agree with your video though. There should be a way to backup/export attachments.

  • @sagarsriva 15 days ago

    Thank you for making a video for this.

  • @samucancld 14 days ago

    I think they will support this eventually, Bitwarden is awesome

  • @mailoo59 11 days ago

    That's why my vaultwarden is in a VM and I'm doing backup of the whole VM.

  • @jsnjyn 16 days ago +9

    Wow, that’s a crazy oversight. 🤯

  • @TheJoBlackos 14 days ago

    Managing data is something you learn the hard way. It is not about the application, it is about how you handle the data. Never ever delete your data the first year after migration, keep it on at least 2 different places and test the recovery process at least once. And even then you may still lose your data as there is no such thing as “covering all possibilities” 😅

    • @sideofburritos 14 days ago

      It sure is, haha. The part that I need to improve on is how long I keep data after a migration. I'm quick to delete old data (lesson learned). I actually still have a full backup of the data stored offsite, but I'll be sharing in a future video how I screwed myself there. #1 lesson, test your backup strategy and account for failures. Thanks for the tips!

  • @mohamedb560 14 days ago

    A solution is to migrate the entire data volume in Docker.

  • @JM.TheComposer 14 days ago

    Bitwarden will export file attachments after they implement tagging.

  • @iamabishekbaiju 16 days ago

    oh! thanks for the insight

  • @dasGieltjE 15 days ago +10

    Unfortunately bitwarden has an extensive history of simply not caring about basic user requests.

    • @unmapped89361 15 days ago +1

      It's on their roadmap now and in development.

    • @dasGieltjE 15 days ago

      @unmapped89361 have seen multiple really big (mostly simple) requests hit their roadmap only to be shelved again and again.
      The auto fill for non supported fields, unified is also years behind original estimates.

    • @unmapped89361 15 days ago

      @dasGieltjE Yeah, that has some truth to it. Though, they changed their roadmap "strategy" - formerly, they also listed there some things they would only "research". Now, they list only things that already are in active development. So chances are that those things very likely are going to come.

  • @RoyalProtectorate 15 days ago +3

    What are your thoughts on Proton Password manager?

    • @sideofburritos 14 days ago

      For better or worse, I've been trying to avoid putting all my “eggs in one basket”. So for that reason, I don't use their password manager.
      A bit of a tangent, but I'm also annoyed they keep launching new products instead of working on their existing products (like the Android Mail app). Last time I checked, the iOS app has features that the Android app is missing. I get it from a business perspective, the more products the more user lock in. But it's unfortunate as an existing customer.

  • @SpaceKaTtt 16 days ago

    I have also recently changed to Joplin(encrypted backup to the Dropbox) and bitwarden (self hosted) maybe Joplin is better alternative for the notes.

    • @sideofburritos 16 days ago +2

      If you're using the “Secure note” feature in Bitwarden, those get backed up. If you add an attachment to a note, that won't be backed up.

    • @LGB-FJB 16 days ago

      I've used Standard Notes for my notes, which is owned by Proton now. It isn't integrated, so I don't have access to all the features yet.

  • @eliasbouhout1 13 days ago

    Have you tried recovering the data from the Raspberry Pi?

    • @sideofburritos 13 days ago +1

      I have, unfortunately how I erased it I wasn't able to get any usable data.

    • @eliasbouhout1 13 days ago

      @sideofburritos There are many shops that specialize in recovering data, maybe if it's only a few MB they could do something

  • @JdotCarver 16 days ago

    Great PSA. Shame it had to happen. Let's hope a good hearted dev reacts to this glaring oversight they left.

  • @alurma 16 days ago

    Thanks

  • @lewiskelly14 15 days ago

    This is exactly why I won't pay them

  • @5ergius 16 days ago +1

    Good point...
    the Tea is hot

  • @nahakuu 16 days ago +1

    That is not really the Bitwarden issue. When I copied Bitwarden I copied the Docker container, especially the permanent volume for Bitwarden. I do not like the backup restore because it does not put to the categories but all to the uncategorized folder...

    • @sideofburritos 16 days ago +6

      Absolutely that's a Bitwarden issue. If their backup feature doesn't back up everything in a vault (without warning) that's a failure. What about those that use the cloud hosted version? They have no way to back up their attachments since they have no control over the cloud instance.

    • @mudi2000a 15 days ago +1

      @sideofburritos isn’t the whole point of using Bitwarden that you DON’T want to use a cloud solution?

    • @sideofburritos 15 days ago +2

      @mudi2000a No. For a lot of people they use the hosted version which is perfectly fine. It's a great option for a lot of people, and many don't want to have the major responsibility of being responsible for their password vault data.

    • @mudi2000a 15 days ago

      @ sure. But if you use a hosted version there are a plethora of services to choose from. Of course still Bitwarden can be the best choice.

  • @SEOng-gs7lj 15 days ago +2

    Your video title is misleading, it's "Export vault", not "Backup vault"... Does "The Big Problem with Bitwarden Exports" still sound like a big problem? First thing that struck me, your backup isn't automated, that's why you never had to scale up (and could rely on BW's backup). Imagine the nightmare if we had to use every app's different built-in method to backup... when using docker, give it an external data folder and back that up instead...

    • @sideofburritos 15 days ago +2

      Few things:
      - Valid point on the title, I'll think about changing that. For cloud users export === backup.
      - Pretend someone isn't self-hosting. Do you think it's viable for them to manually export every attachment from their cloud hosted vault? How do they back up their passwords/attachments?
      - I had automated backups of the volumes, I just screwed up something when I needed them, which I'll share in another video. I opted to use the export feature because it was simpler when migrating. It wasn't a disaster recovery scenario. I still don't think that's an excuse for their export feature not to work as expected.
      - Bitwarden was having strange issues when I used a local mount initially, it only worked with volumes.

    • @SEOng-gs7lj 15 days ago

      @sideofburritos I get your points but have a gut feel those cloud users don't care about backups... Anyway, I mapped the container's /data and back that up; perhaps can get them to word it as "Export (without attachments)"

    • @sideofburritos 15 days ago +3

      @SEOng-gs7lj I have no doubt that 99% of the people that use SaaS solutions don't care about backups. I do hope to get at least a few people to think about it by mentioning it though. Too many people think “the cloud” is invincible.

  • @AshishKumar-qi5gk 15 days ago

    tagsgohere 😂

    • @sideofburritos 15 days ago +1

      Nice catch, forgot to remove that. I'll leave it 😂

  • @pluto9000 16 days ago

    I just save all my passwords in a .txt file and make them short and easy to type with only letters and a number at the end.

    • @Coaxalis 16 days ago +5

      and keep the cleartext files folder in google cloud, because you have nothing to hide

    • @FalconFernando 16 days ago +1

      I honestly know a lot more people who lose their accounts by attempting batman level security ; having a 20-character master password with symbols and digits; storing the master password in a veracrypt container, and storing the password for veracrypt in a self hosted server; and then have 2 factor authorization for the password manager with the tokens of authenticator apps being uploaded into another encrypted cloud whose password is stored in another veracrypt container.
      Yeah same way far more people lose their crypto money by losing the phone that had their Bitcoin wallet and not remembering where they saved the seed; rather than keeping it in an exchange

    • @Coaxalis 16 days ago +1

      @FalconFernando do you comprehend difference where individual loses his access to entity and where someone intercepts your credentials written in plaintext and steals everything from you?

    • @pluto9000 14 days ago

      @FalconFernando The problem is if it's not your keys it's not your money. Exchange could go rogue or get hacked like MtGox

    • @pluto9000 14 days ago

      @Coaxalis password123

  • @AundreL 13 days ago

    It is considered bad practice to store files in your password manager. I feel this is why they don't allow you to back up files to try and steer you in the right directions, whether it be yaml files, certs, etc. Keys should be stored in Bitwarden fields on an entry, not in a file. You can then use a tool like git, you can locally host something like GitLab if you want a GUI. If you are using files in Bitwarden you really need to ask yourself why because 99% it is not the right tool for the job.

    • @sideofburritos 13 days ago

      I completely disagree with you. Who says it's bad practice to store files in your password manager? If that were the case, it wouldn’t be a paid feature. Their main webpage explicitly states, 'Securely encrypt files or text,' and the individual file limit of 500 MB reinforces this functionality. Storing sensitive files in git is far less secure since everything is stored in clear text. Additionally, they recently commented on the thread I referenced, confirming that attachment backups are on the 2025 roadmap.
      Not including attachments in the export isn’t meant to imply that attachments shouldn’t be used. It’s a shortcoming in Bitwarden’s implementation.

    • @AundreL 13 days ago

      @sideofburritos The best practice I speak of is more for Site Reliability Engineering, where you try to keep your infrastructure decoupled from things like secrets and hardware. You keep your configuration files such as Ansible, kube and shell scripts in git and interpolate in secrets using a secrets manager such as HashiCorp Vault. This allows you to decouple your infrastructure as code from secrets, preventing errors that come while updating your configurations. I just can't think of a use case for your requested feature; maybe you are keeping different types of files in your vault, such as hardware firmware and router snapshots? In that case I would encrypt the snapshots and store them on a NAS, or use GitLab runners to create an artifact in a repo, then only keep the encryption key in the Bitwarden vault; this will decouple file backup and secret backups. I understand this is all overkill for a homelab; I was just trying to explain why this has not been a focus on Bitwarden: they want to appeal to enterprise customers first, then consumer level next.

    • @sideofburritos 13 days ago

      @AundreL From that perspective, I completely agree with you. That is indeed the way it should be done. Regarding backups, I copy them to my NAS and then to a remote location. However, I'll explain in a future video why those weren't usable after I erased my drive. Hopefully another useful learning experience for others.
      For my personal password vault, I stored files like pictures of my identity documents, which are helpful when traveling in case I lose the physical copies. Additionally, I kept confirmation emails with license keys in case I needed to provide them to a company in the future. I also included SSH keys (which you mention could be in a text field, true) so I could easily download and use them if I didn't have my personal computer.

  • @DuskWalker33 16 days ago +1

    Freaking sucks man, sorry.

    • @sideofburritos 14 days ago

      Thanks. At least it made for a good video topic 😂

  • @JulesArchinova 14 days ago

    The backup procedure officially documented is different from what you were doing. It's on you.

    • @sideofburritos 13 days ago

      I mentioned it was on me in the video :D
      The self-hosting guide does mention backing up shares, which covers multiple users. But let's pretend you're just one user or using the hosted version of Bitwarden. Using the export tool is the documented procedure - bitwarden.com/resources/guide-how-to-create-and-store-a-backup-of-your-bitwarden-vault/#exporting-your-bitwarden-vault
      “Because this vault copy is intended for use as a backup to restore a Bitwarden vault in case of being locked out, it’s best to choose the .json export format. When importing a Bitwarden .json vault file, it will give you a vault identical to the original vault at the time it was exported.”

  • @paz5655 15 days ago

    RTFM!!!!!!!!!!!!!!!!

    • @sideofburritos 15 days ago +2

      I know, gotta read it more for simple features 😢

  • @mediocreape 14 days ago

    This is not a good feeling to lose documents