I have been searching in this forum and a bit around duckduckgo-ing… could not exactely find what I need.
I hope I have some help here.
I would like to automate the Export vault on a daily basis.
I cant find the way to do that.
I self host vaultwarden in a docker in an Ubuntu server. I created a stack in Portainer.
I do use a password and TOTP to access my vault.
I need to backup the vault for me and my family (4 users total)
- Is it possible to backup the vault?
- If yes: is it possible in .json or best in one of the other formats? (for future restore in case of catastrophic event)
- How can I do that? (CLI, already existing tools -mind I am in a docker).
- And if possible to export it to (example) nextcloud? (I assume is possible to choose an encrypted or not export).
Thank you .
I would suggest to read the Bitwarden documentation regarding this Export Vault Data | Bitwarden Help Center
There is no automation for this, but you could check GitHub - vwxyzjn/portwarden: Create Encrypted Backups of Your Bitwarden Vault with Attachments to help with this.
It uses the Bitwarden CLI to interact with the server.
Fair point… I did read a bit about it but I am not sure to understand if it does work with the TOTP.
I have vaultwarden in a cloud server, and keep a local replica in a raspberry pi at home.
At the server, a daily job does essentially:
sqlite3 ./data/db.sqlite3 ".backup /path/to/backup/snap_vaultwarden.sqlite3"
Then, also daily, the replica server (at home) stops the container, fetches the sqlite3 file, overwriting the local one, and restarts the vaultwarden container.
This way there’s always a local copy (and I can log in there even if the “master” server is down for any reason).
AFAIK the sqlite3 database has everything you need in terms of backup.
I will look into this technique. Basically you clone the cloud version of (docker) vaultwarden from the cloud to local (I also have mine in a cloud).
If I understand right, you dont directly backup your vault (or export it) but you do backup the DB that in turn has what you need.
Your ‘disaster’ strategy would then be that if the cloud server is compromised/broken/unreachable, you connect locally t o your local clone and you can still use it, correct?
It is something I will explore. good idea.
It is certainly more elaborated and complex than automate a vault export. I am no expert and the above technique will take quite sometimes to be implemented (eventually it will).
It is most important to keep a backup when you run your own server/services. If a machine dies and One rely on it… it becomes a real catastrophic event. (specially about passwords).
now, with the new passkey system, probably more than ever.
thank you for your help
Just an FYI the sqlite DB is not the only thing you will want to backup as this will not contain items such as attachments.
I highly recommend reading further below.
And which tool are you using to export this then?
The Vaultwarden binary doesn’t have an export feature.