This is a script for backing up your Bitwarden Vault in an encrypted archive. It supports:
- Bitwarden native plain text json export of personal vault.
- Bitwarden native plain text json export of organizational vault(s).
- Downloads all attachments and adds to the archive. (Not supported by BW native export)
- Downloads the raw json from
bw listcommands to be able to map the attachments back into a restore. (Not supported by BW native export) - Encrypts the archive with 7zip AES256 encryption with your own passphrase (Remember to keep it long!). This allows for non-vendor lock in backups (vs the BW native encrypted-json backup requires you restore to the same user account).
- Decrypt and unpack a backup archive to gain access to the backed up files.
Content of .env.docker
## Backup
# The Password to the encryption of the backup, this should be very long.
BWBU_PASSPHRASE=
# Bitwarden master password, needed for unlock and export
BWBU_BW_MASTERPASSWORD=
# Bitwarden API Key Client Id
BWBU_BW_CLIENTID=
# Bitwarden API Key Client Secret
BWBU_BW_CLIENTSECRET=
# Optional
# Backup Personal vault, default: true
BWBU_INCLUDE_PERSONAL=true
# Backup Organizational vault(s), default: true
BWBU_INCLUDE_ORG=true
# Backup file attachments, default: true
BWBU_INCLUDE_FILES=true
## Unpack
# Path to the backed up archive, Remember the mappings in docker!
# Should probably be like: /backup/bw-backup-[DATE].tar.gz.7z
BWBU_SOURCE_FILE=
docker run --rm --env-file .env.docker -v /tmp/backup:/backup johnlindahl/bitwarden-backupdocker run --rm --env-file .env.docker -v /tmp/bwbu/backup:/backup -v /tmp/bwbu/unpack:/unpack johnlindahl/bitwarden-backup unpack- Restore personal vault into a (new) Bitwarden Account from Backup archive.
- Restore organizational vault(s) into a (new) Bitwarden Organization from Backup archive.