Security is constantly evolving. Today, a new in-depth security report is available, continuing the Bitwarden commitment to transparency and trusted open source security. The audit, conducted by the prestigious Applied Cryptography Group at ETH Zurich, proactively tested Bitwarden core cryptography operations against the hypothetical event of a maliciously compromised server. All issues identified in the report have been addressed by the Bitwarden team and have been included in the attached cryptography report for full transparency.
Bitwarden was selected for analysis by ETH Zurich primarily due to its open source architecture, where code is available to the public on GitHub for inspection, auditing, and contribution. With this model, the world's leading academic researchers and professional minds, like the ETH Zurich Applied Cryptography Group, can stress-test Bitwarden infrastructure and code with penetration testing and security audits.
Academics say they found a series of flaws affecting three popular password managers, all of which claim to protect user credentials in the event that their servers are compromised.
The team, comprised of researchers from ETH Zurich and Università della Svizzera italiana (USI), examined the "zero-knowledge encryption" promises made by Bitwarden, LastPass, and Dashlane, finding all three could expose passwords if attackers compromised servers.
The researchers found that Bitwarden, one of the most popular alternatives to Apple's and Google's own password managers (which together dominate the market), was the most susceptible to attacks, with 12 working against the open-source product. Seven distinct attacks worked against LastPass, and six succeeded against Dashlane.
Welcome to the family! This course shows you how to use your Bitwarden account, access items shared by your Family Admin, and keep your personal passwords organized and secure.
Vaultwarden is an unofficial Bitwarden server implementation written in Rust. It is compatible with the official Bitwarden clients, and is ideal for self-hosted deployments where running the official resource-heavy service is undesirable.
Vaultwarden is targeted towards individuals, families, and smaller organizations. Development of features that are mainly useful to larger organizations (e.g., single sign-on, directory syncing, etc.) is not a priority, though high-quality PRs that implement such features would be welcome.
Several audits of Vaultwarden have been carried out, some of which are publicly available; read more about them on our Vaultwarden Audits wiki page.
Supported features
You can export your individual vault data from any Bitwarden app, or export organization vault data from the web app or CLI. Exports can be downloaded as plaintext .json or .csv files, or as a .json encrypted export.
We recommend using .json for a more complete export, as .csv files won't currently export cards or identities. Additionally, only .json exports include stored passkeys. For complete information on the format of Bitwarden .csv and .json files, see "Condition a Bitwarden .csv or .json".
vaultwarden data should be backed up regularly, preferably via an automated process (e.g., cron job). Ideally, at least one copy should be stored remotely (e.g., cloud storage or a different computer). Avoid relying on filesystem or VM snapshots as a backup method, as these are more complex operations where more things can go wrong, and recovery in such cases can be difficult or impossible for the typical user. Adding an extra layer of encryption on your backups would generally be a good idea (especially if your backup also includes config data like your admin token), but you might choose to skip this step if you're confident that your master password (and those of your other users, if any) is strong.
Backup vaultwarden (formerly known as bitwarden_rs) SQLite3/PostgreSQL/MySQL/MariaDB database by rclone. (Docker)
Jaycuse
I recommend having a read at the wiki
https://github.com/dani-garcia/vaultwarden/wiki/Backing-up-your-vault
I use the docker image bruceforce/bw_backup
My docker compose settings:
  bw_backup:
    image: bruceforce/bw_backup
    container_name: bw_backup
    restart: unless-stopped
    init: true
    depends_on:
      - bitwarden
    volumes:
      - bitwarden-data:/data/
      - backup-data:/backup_folder/
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    environment:
      - DB_FILE=/data/db.sqlite3
      - BACKUP_FILE=/backup_folder/bw_backup.sqlite3
      # EVERY DAY 5am
      - CRON_TIME=0 5 * * *
      - TIMESTAMP=false
      - UID=0
      - GID=0
Once I have the backup file I use borg backup al
Backing up data
By default, vaultwarden stores all of its data under a directory called data (in the same directory as the vaultwarden executable). This location can be changed by setting the DATA_FOLDER environment variable. If you run vaultwarden with SQLite (this is the most common setup), then the SQL database is just a file in the data folder. If you run with MySQL or PostgreSQL, you will have to dump that data separately --
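One way to back up the SQLite file described above, as an added example that is not code from the Vaultwarden project or its wiki: a plain file copy taken while the server is writing can capture an inconsistent database, so this uses SQLite's online backup API, checks the copy, and keeps it owner-readable only. The function name `backup_sqlite`, the `db-<timestamp>.sqlite3` naming, the `.sha256` sidecar and the `keep` retention count are assumptions made for the illustration.

```python
import hashlib
import os
import sqlite3
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def backup_sqlite(db_file: Path, backup_dir: Path, keep: int = 7) -> Path:
    """Snapshot a live SQLite database; return the path of the verified copy."""
    backup_dir.mkdir(parents=True, exist_ok=True)
    stamp = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%S%fZ")
    dest = backup_dir / f"db-{stamp}.sqlite3"
    # Create the file with mode 0600 before any vault data is written to it.
    os.close(os.open(dest, os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o600))
    # Open the source read-only so the backup job cannot modify the vault.
    src = sqlite3.connect(db_file.resolve().as_uri() + "?mode=ro", uri=True)
    dst = sqlite3.connect(str(dest))
    try:
        src.backup(dst)  # online backup API: a consistent snapshot during writes
        result = dst.execute("PRAGMA integrity_check").fetchone()[0]
    finally:
        src.close()
        dst.close()
    if result != "ok":
        dest.unlink()
        raise RuntimeError(f"backup failed integrity check: {result}")
    # Store a digest beside the copy so later corruption or tampering shows up.
    digest = hashlib.sha256(dest.read_bytes()).hexdigest()
    dest.with_name(dest.name + ".sha256").write_text(f"{digest}  {dest.name}\n")
    # Retention: timestamped names sort chronologically, so drop the oldest.
    for old in sorted(backup_dir.glob("db-*.sqlite3"))[:-keep]:
        old.unlink()
        old.with_name(old.name + ".sha256").unlink(missing_ok=True)
    return dest


if __name__ == "__main__":
    # Constructed demo: a throwaway database stands in for data/db.sqlite3.
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp) / "db.sqlite3"
        con = sqlite3.connect(str(live))
        con.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, data TEXT)")
        con.execute("INSERT INTO items (data) VALUES ('constructed row')")
        con.commit()
        print(backup_sqlite(live, Path(tmp) / "backups"))
        con.close()
```

The copy is still an unencrypted database file, so the extra encryption layer and the remote copy recommended above are applied to the output of this step.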