Backup Bitwarden using it's CLI
Bitwarden is a Free*, open-source, independently audited, state-of-the art password manager. It offers a lot of the functionality of paid password managers like Lastpass, 1Password, etc. for free to its users. As a bonus you can even self-host your own instance of bitwarden on your server.
*= basic features are free. Premium and family/team subscriptions are available.
You need Backup!
It is important for you, the user, to keep a secured copy of your passwords offline in the event the server is unavailable, or you’re experiencing connectivity issues, etc. Here I show you how to export your bitwarden vault (this method backs up everything except file attachments & items in trash) using the bitwarden app, and the official bitwarden command-line-client. Also I show you one of many ways to encrypt your backup (locally on your device).
Method A: Via Bitwarden App(s)
Bitwarden now provides the user an option to
backup straight from their apps (desktop and mobile). Head to
Remember: Select the
.json format to ensure that your exported backup contains cards, notes, identities, etc. The
.csv format of the backup doesn’t support them.
The above method should work with all versions of the Desktop apps and also in mobile apps.
Method B: Manually using the command line
One of my favorite features with Bitwarden has been their well-documented command line client. It really was a big motivator for me to switch from Keepass when bitwarden was new and gaining traction!
Install Bitwarden-CLI, if not installed already, from homebrew
- There are several methods at your disposal.
- My favorite: Using homebrew and get it by running
brew install bitwarden-cli
Once you install it, here’s a quick guide on how to use it:
Login to your BW-vault
bw login # type in your credentials
Here you might be prompted for 2FA (if you have set it up). If you haven’t yet, you really should! Here’s how.
After successfully authentication a session key is returned from the server. This key key is necessary to use the subsequent commands (and any command for that matter, which requires your vault to be unlocked.)
Pass the session key to your CLI commands
# Current method bw export --output ~/Desktop/bw.export.json --format json # on older versions you could run: bw list items > ~/Desktop/bw.json
Lock vault and logout
bw lock && bw logout
Encrypting your backup
You should always archive and encrypt the database. Reason for doing so, you might ask.
Why archive? - If you only have one copy that you over write, data corruption
Why encrypt? - I’m sure you know this if you’ve read this article so far, but one word, Privacy! Longer version, Your passwords are Your private property, you need to keep them locked up.
There are hundereds of ways of achieving this; I am showing one of many ways using Keka to archive it as a