It's even mentioned on their Help page - https://bitwarden.com/help/export-your-data/ but I still think it's a bit unacceptable that there isn't even a warning in the GUI about this.
And yes, I know there are ways to manually export the files, but I shouldn't have to do that.
The project is open-source, maybe send them a pull request?
A contribution to Bitwarden would benefit the paid hosting, sure, but it'd also benefit folks who are self-hosting.
Just because a project is open-source doesn't mean they'll accept a pull request with your feature request in it.
If it were to be something requiring more effort I'd suggest engaging with the project and asking if a PR would be welcome first.
An individual file attachment can be as large as 500 MB[0]. It would make the JSON file too big to use.
Still, I do think that Bitwarden should warn users about it when exporting. Just mentioning it in the Help Center doesn't seem so helpful.
The backup would be too big to use if it included all the data it's a backup of? What?
I mean, I know "INSERT INTO files ('my-file.bin', X'CAFEBABE...')" gets it into sqlite, but how would a sane person get that content back out?
I wholeheartedly agree that these companies should have a warning that attachments won't export. Because I almost forgot about them.
I've been doing that in the notes section for LastPass. I think that I'm going to have to move to doing it in the Notes app since that works on all my Apple devices. And it looks like I can lock one Note without having to lock all of them.
They use the "battery horse stable" scheme so you don't have to read crazy ascii over the phone to customer support
How did you do it?
I'll just stick to stuffing files in notes for now, as I had been doing.
Understandable, since sibling comments are saying export happens on the client side, and Vaultwarden is merely a server-side replacement
Although also relevant is the sibling observation that if you're already running Vaultwarden isn't "backup" less "export from some faceless corporation" and more "take a backup of the vaultwanden database"?
https://www.reddit.com/r/Dashlane/comments/gfwyvo/comment/fq...
This is the same thing again.
I switched to 1password before all the funding and feel like there arent any viable alternatives now.
Edit: to be clear this isnt me on reddit this thread is just what backed up bitwarden.
The entire export process seems to be client side. Altering the export to include files should be feasible though the Bitwarden devs might choose not to merge your code because allowing users to access all of those Azure buckets all at once must come at a significant cost.
My workaround for this is to stuff SSH keys and the like in secret fields rather than attachments. This doesn't work for larger files, but it works well enough for my use cases so far.
[1] - https://bitwarden.com/help/custom-fields/#custom-fields-for-...
Seems it's impossible for people to run companies for the average consumer. Are their cash-flow really so bad they can't help themselves going into the enterprise market or is there something else going on?
Enterprises don’t blink at paying $50K/yr for something to improve security and save staff thousands of hours of time. Consumers are used to things being (or appearing to be) free. On a per-user basis, I’d expect consumers to ask more questions of support, while paying much less.
Enterprises are an 80/20 play. Keep your top clients happy and you’ll be fine. The first time you get a large order you realise that’s where your focus should be.
Isn't the bitwarden client opensource enough or the implementation free that someone could come in and modify the export functionality or add the functionality to the API ?
This will backup your entire database, including attachments, users, etc.
https://bitwarden.com/help/backup-on-premise/
Those say that the procedure for backups is to keep a copy of the entire bwdata directory. It doesn't say that you can or should use the export feature.
It seems like the export feature is meant for data migration, not for backups. Though they are related, they're not the same concept.
It probably wouldn't hurt to make this clearer in the GUI. In the export section, it could warn not to use it for backups and could give a link to the proper procedure.
Because if not, then I don't understand this. If you can't back up attachments, they can't be used for anything important. If they can't be used for anything important, then what are they for?
It would be better to not have attachments at all than not let people back them up.
We recently released this feature for Standard Notes[0]. Files you upload to your account from any device are automatically encrypted and backed up to a local folder on your computer.
Granting companies full custody of your files today feels reckless; local backups are a must. And better it be encrypted.
So it makes a sacrifice on the attachments to make sure backup of the more important stuff keeps working even when there's no internet. Moreover downloading all the attachments takes a lot of time and doing it every day (or whatever interval) wouldn't be a good user experience.
I think the Notesnook guys were thinking of adding cloud-to-cloud backups for attachments to work around this reliably.
So I was excited and went in with an open mind, and delighted to be supporting an open source company:
* The initial migration went off to a bad start as it didn't include everything from 1Password. Seemingly random data, and some attachments were missing. If I remember correctly, timestamps/creation dates didn't seem to migrate over, and some whole passwords weren't brought over, but no errors were reported from their migrator.
* When I went to setup my vault after the migration, I was disappointed to see that there was a distinct lack of password types. I have software licenses, credit cards, API keys, regular passwords, recovery tokens, (non-critical) GPG keys, SSH keys, etc etc that I store in my vault. BW only had/has 4 item types to choose from, which just isn't suitable if you want to correctly track the types of items for organization and filtering. There is support for custom fields, but it just isn't the same..
* No support for tagging. I tried to setup a nested folder structure alternatively, but the UX was not easy to use in the desktop application (I was assuming I could do something similar to a `mkdir -p path/to/nested/folder` but BW only allowed me to create a single folder item at a time. For 500 password items, and different "buckets" I keep to organize, I ended up abandoning folders and just kept everything in the root in a mish-mash setup.
I get that it's small and open source, and you have to temper expectations when comparing David (BW) vs Goliath (1P), but BW seems to have earned more community trust, and has an engaged community of fans. BW could absolutely provide a better experience than 1P both from a customer empathy standpoint, and from a product delivery perspective. But point 2 makes a failure (IMO) on point 1. Reading through their community forums, many of these (What I'd consider) table-stakes features have been left to rot on the tree of technical debt. Which makes me sad, because I'd pay a lot more than their current pricing model if they kept an open source attitude towards the product and could deliver more than just a "We're working on it! Stay tuned!" attitude after years of community comments. I'm gonna stick with 1P when the licenses come up for renewal, and use KeePass or Vault as an on-prem backup solution.
I truly, truly hope BW succeeds, because I'd love to move away from my current setup. But I'm not willing to capitulate my workflow because the company can't deliver on highly-requested/highly-coveted features.
I don't squarely put the blame on BW. This feels very common in the saas lifecycle: A feature has some sort of engagement/revenue metric attached to it, for growth tracking. Whether correlation is correct is a debate for another time, but many of these core features have an opaque effect on revenue or engagement (If you're a cynical product manager, an efficient tagging system correlates to less engagement, because I'm spending less time rooting around the user interface, which is less opportunity to use the application minute-by-minute), or it's considered plumbing-type work in which the revenue/engagement potential is spread out across the entire userbase, so the effect is less explosive (SSH key management[1], a niche feature requested by a loud subset of 1P users had huge awareness. But external sharing of items[2] was something I heard very little about, even though (objectively) external sharing casts a wider a shadow of net-new 1P users.
I digress. This just reminded me of the frustration I have with software: Feels like everything I want to use is always missing some key element that I have to trade off for another key element when looking at competitors.
[1] https://blog.1password.com/1password-ssh-agent/ [2] https://blog.1password.com/psst-item-sharing/
Once you actually try to use BW in earnest, you'll find it's noticeably worse than 1PW in most ways. The most glaring is that it is meh at detecting login forms and poor at detecting new account signup. These are the 2 primary flows for a pw manager! It's unforgivable. Other flaws aside, 1PW puts significant effort there and it shows.
> I truly, truly hope BW succeeds,
They've had quite long enough time already to do that. How long will you hold out hope?
I want to love BW so much. I never could get myself to look at KeePass. Anyway the primary use case I care about is sharing, not self-mgmt.
100%
My rule-of-thumb is that onboarding has to be *incredibly* easy; it's the front door of an application, the user's first substantial interactions. If it's not easy or streamlined, I start wondering how the rest of the UX is. And in this case, the front door muddied the carpet inside the doors of the software, and I couldn't figure out how to make the process easy for myself, as BW is feature-gapped in many places.
>Once you actually try to use BW in earnest, you'll find it's noticeably worse than 1PW in most ways. The most glaring is that it is meh at detecting login forms and poor at detecting new account signup. These are the 2 primary flows for a pw manager!
Yes, exactly. I'd argue that login form management is the single most important selling point of a password manager. I can roll my eyes, but deal with new account signup forms. But login forms with stellar autofill is what separates the wheat from the chaff, IMO.
>They've had quite long enough time already to do that. How long will you hold out hope?
Competition makes better product for all of us, I don't want to go back to the days of LastPass, So I'll cross my fingers for them, but won't return as a customer after this initial billing cycle.
>Anyway the primary use case I care about is sharing, not self-mgmt.
I'm the inverse; self-management is more important. The only sharing I need is with my partner, which we don't do much of, considering most important shared stuff has accounts for each of us. KeePass is simply for backup purposes, but I haven't decided one way or another where I'll land between them and Vault. I lean towards Vault (Full disclosure: I work for Hashicorp) mostly because I'm more familiar with the APIs than I am with KeePass's plugin/extension frameworks.
I use windows, Debian, iOS, and Firefox as the browser on desktop. Any recommendations?
$ unzip -l 1PasswordExport-ILESALYKVFDNJH3K24FEO3QRHM-20220611-100457.1pux
...
1952 01-01-1980 00:00 files/dbp6d2jjtfbwbp5tnqx6vw5jaa__developerID_installer.pemSome of the items you attempted to export were documents. There is currently no support for exporting Documents from 1Password.
So apparently, it exports pems. That's great. It doesn't export most attachments.
edit: This is apparently new behavior in 1password8. If you have upgraded to the very latest version, the .1PUX export does seem to finally solve this problem. But that's new - it was not true for any previous version.
1Password's extensions getting worse with every update gets me closer each day though.
I'm waiting for someone to point out that BW's extensions are open source and are still a dumpster fire, but for me the difference is that BW started as a dumpster fire, so I don't feel compelled to bring their extension up to sane operating levels, whereas 1P's are _mostly_ right, and just need a tune-up here and there