Back up your Bitwarden/Vaultwarden

One Tx
Jan 26, 2024

Keep your passwords safe

Hello everyone. This post is for all of us who save our passwords on a service like Bitwarden, are a little paranoid, and want to keep our passwords in our own possession.

Today I’m going to show you how to back up your passwords so you don’t lose them and always have them safe. The service can be set up in several ways; I am going to explain how to run it as a Docker service with Docker Compose and how to use a template for Unraid on that operating system.

Preparation

Before we start, we need to get some data from our Bitwarden/Vaultwarden account. To do this, we will log in to our vault website, whether Bitwarden or Vaultwarden, and retrieve our authentication tokens. Don’t worry, I will explain how to do it step by step. These tokens are essential to be able to back up our passwords.

To obtain the tokens, we follow these steps:

  • We go to the address of our vault and log in with our Bitwarden/Vaultwarden account.
  • We access our user profile and select ‘Account Settings’.
  • Within this option, we select ‘Security’.
  • Within ‘Security’, we select ‘Passwords’ and then ‘Check API code’.
  • At this point, we can see and copy the ‘ClientID’ and ‘ClientSecret’. We save these values; we will use them later in the service to make the backup.

Service Configuration

Next, we’ll copy the example Docker Compose file below and customize it with our personal information.

services:
  bw-export:
    container_name: bw-export
    image: 0netx/bw-export
    volumes:
      - ./export:/var/data
      - ./export:/var/attachment
    environment:
      - BW_CLIENTID=<CLIENT ID FROM BITWARDEN API>
      - BW_CLIENTSECRET=<CLIENT SECRET FROM BITWARDEN API>
      - BW_PASSWORD=<BITWARDEN PASSWORD>
      # Optional: own self-hosted Vaultwarden/Bitwarden server
      #- BW_URL_SERVER=<YOUR VAULTWARDEN SERVER URL>
      # Optional: by default, /var/data/
      # - OUTPUT_PATH=<Output path, e.g. /var/data/>
      # Optional: by default, /var/attachment/
      # - ATTACHMENTS_PATH=<Attachment path, e.g. /var/attachment/>
      - EXPORT_PASSWORD=<Export password. Export will be encrypted with this password>
      # Optional: if not provided, the service will export all organizations in the vault.
      # - BW_ORGANIZATIONS_LIST=<Organization id list, comma separated>

We have to make several changes:

  1. In the ‘volumes’ option, we must map it to the path on our server where we want to store the backup.
  2. In the options `BW_CLIENTID` and `BW_CLIENTSECRET`, we enter the codes that we retrieved in the previous step.
  3. In the `BW_PASSWORD` option, we enter our Bitwarden/Vaultwarden service password.
  4. In the `EXPORT_PASSWORD` variable, we set the password with which we want to encrypt our backup.

The other variables are optional and we will not set them for now.

Backup Execution

Once this is done, we start the service with the command docker compose up and watch the backup take place. The service logs into the vault, extracts all passwords, writes them encrypted to the path we specified, and logs out.

The backup is encrypted with the password defined in EXPORT_PASSWORD.

Both Bitwarden and Vaultwarden are supported, as the service uses the official Bitwarden client, which works with both.

Unraid Deployment

Finally, we will explain how to set up this same service in the Unraid operating system. To do this, we follow these steps:

  • We go to our Unraid server and, in the ‘Apps’ tab, we look for the application called ‘Bitwarden Export’.
  • We click on ‘Install’ and fill in the required configuration keys, mainly ‘ClientID’, ‘Client Secret’, ‘Bitwarden password’ and ‘Export password’.
  • By default, the application will back up to the ‘appdata’ path, but this can be changed to the one you prefer.
  • Once you start the container or click ‘Play’, a backup of the account will be made to the indicated path.

Schedule backup

The service does not run continuously; it makes a backup only when the container is started.

If we want it to run periodically, we can go to User Scripts and schedule a script that starts the container whenever we want. To do this, we create a user script with the following content:

# docker start <name of our service>
docker start bitwarden-export
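
An added example (not from the original post or the bw-export project): a user script body that starts the container, waits for it to exit, and confirms that a new, non-empty export appeared and that it is not an unencrypted Bitwarden JSON export. The function names and the export path are assumptions, as is the export being in the official client's JSON format.

```sh
#!/bin/sh
# Added example, not part of bw-export. Function names are hypothetical.

# List non-empty files under dir $1 that are newer than marker file $2.
fresh_exports() {
    find "$1" -type f -newer "$2" -size +0c 2>/dev/null
}

# True if file $1 contains the marker of an unencrypted Bitwarden JSON export.
# Assumption: the container writes the official client's JSON export format.
looks_plaintext() {
    grep -Eq '"encrypted"[[:space:]]*:[[:space:]]*false' "$1"
}

# Verify dir $1 against marker $2.
# Returns 0 = fresh export, none plaintext; 1 = nothing new; 2 = plaintext found.
verify_exports() {
    ve_files=$(fresh_exports "$1" "$2")
    [ -n "$ve_files" ] || return 1
    while IFS= read -r ve_f; do
        if looks_plaintext "$ve_f"; then
            echo "plaintext export found: $ve_f" >&2
            return 2
        fi
        chmod 600 "$ve_f"    # backup readable by its owner only
    done <<EOF
$ve_files
EOF
    return 0
}

# Start container $1, wait for it to exit, then verify export dir $2.
run_backup() {
    rb_marker=$(mktemp) || return 1
    sleep 1                  # make sure the export is newer than the marker
    rb_rc=0
    docker start --attach "$1" || rb_rc=$?
    if [ "$rb_rc" -ne 0 ]; then
        echo "backup container exited with status $rb_rc" >&2
    else
        verify_exports "$2" "$rb_marker" || rb_rc=$?
        [ "$rb_rc" -ne 1 ] || echo "no new export in $2" >&2
    fi
    rm -f "$rb_marker"
    return "$rb_rc"
}

# Last line of the user script (export path is a placeholder):
# run_backup bitwarden-export /path/to/export || exit 1
```

A non-zero exit status from the script makes a failed or missing backup visible in the scheduler's log instead of passing silently.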

I hope this manual is helpful. If you have any questions or need further assistance, don’t hesitate to ask.
