starred/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2026-04-26 09:46:00 +03:00
Code Issues 39 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #826] Vault sync/export in case of no network access #579

New issue
Closed
opened 2026-03-03 01:30:44 +03:00 by kerem · 7 comments
kerem commented 2026-03-03 01:30:44 +03:00
Owner
Copy link

Originally created by @void-in on GitHub (Jan 27, 2020).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/826

Subject of the issue

First of all thank you very much for this wonderful project. We are hosting our own Bitwarden_rs server in our data center. Just wanted to know is there any option to sync the vault on the client machines so that in case we don't have access to our data center bt machine, we can get the credentials through the locally synced vault on the client machine and then login into the server machines through console?

Your environment

  • Bitwarden_rs version: 2.12.1
  • Install method: docker image through docker pull bitwardenrs/server:latest
  • Clients used: Bitwarden client for Desktop (Windows)
  • Reverse proxy and version: None
  • Version of mysql/postgresql:
  • Other relevant information:

I know about the rs_backup to periodically take the backup of the persistent data or the DB but what I want is to be able to sync the vault locally so that if the server is not accessible, we are still able to view the stored credentials.

Thank you very much.

Update: So I believe the above requirement could be fulfilled if we have some option to export the vault from the command line of the bitwarden_rs server (just like the one in the UI). Just wanted to know if there is any such functionality available now or in the pipeline.

Originally created by @void-in on GitHub (Jan 27, 2020). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/826 <!-- Please fill out the following template to make solving your problem easier and faster for us. This is only a guideline. If you think that parts are unneccessary for your issue, feel free to remove them. Remember to hide/obfuscate personal and confidential information, such as names, global IP/DNS adresses and especially passwords, if neccessary. --> ### Subject of the issue First of all thank you very much for this wonderful project. We are hosting our own Bitwarden_rs server in our data center. Just wanted to know is there any option to sync the vault on the client machines so that in case we don't have access to our data center bt machine, we can get the credentials through the locally synced vault on the client machine and then login into the server machines through console? ### Your environment * Bitwarden_rs version: 2.12.1 * Install method: docker image through docker pull bitwardenrs/server:latest * Clients used: Bitwarden client for Desktop (Windows) * Reverse proxy and version: None * Version of mysql/postgresql: <!-- if applicable --> * Other relevant information: I know about the rs_backup to periodically take the backup of the persistent data or the DB but what I want is to be able to sync the vault locally so that if the server is not accessible, we are still able to view the stored credentials. Thank you very much. **Update:** So I believe the above requirement could be fulfilled if we have some option to export the vault from the command line of the bitwarden_rs server (just like the one in the UI). Just wanted to know if there is any such functionality available now or in the pipeline.
kerem closed this issue 2026-03-03 01:30:45 +03:00
kerem commented 2026-03-03 01:30:45 +03:00
Author
Owner
Copy link

@tomuta commented on GitHub (Jan 28, 2020):

The whole idea of bitwarden is that your credentials are safe, even if someone were to be able to steal the server database. So, by design, you cannot export the credentials on the server side, as the server would have to know the password, which is never sent to it.

The only way to accomplish this would be an enhancement of the client(s).

A better approach would probably be mirroring the database (mysql lets you sync servers in real time), and running backup instances? You'd have to share the server key between them, though.

<!-- gh-comment-id:579051209 --> @tomuta commented on GitHub (Jan 28, 2020): The whole idea of bitwarden is that your credentials are safe, even if someone were to be able to steal the server database. So, by design, you cannot export the credentials on the server side, as the server would have to know the password, which is never sent to it. The only way to accomplish this would be an enhancement of the client(s). A better approach would probably be mirroring the database (mysql lets you sync servers in real time), and running backup instances? You'd have to share the server key between them, though.
kerem commented 2026-03-03 01:30:46 +03:00
Author
Owner
Copy link

@void-in commented on GitHub (Jan 28, 2020):

@tomuta Thank you very much for the response. Yes I totally understand where you are coming from. I was thinking about the way the vault is exported from the UI where it asks for the master password and then decrypts the credentials and export in plain.

Backup instances are good but our issue is we want to be able to recover the credentials from the vault by logging into the server through the console and still able to recover the credentials using the master password. Bitwarden has the option to export the vault from the command line using the master password https://github.com/bitwarden/help/blob/master/_articles/miscellaneous/cli.md#export so I was thinking if something like this is possible with bitwarden_rs as well.

<!-- gh-comment-id:579103598 --> @void-in commented on GitHub (Jan 28, 2020): @tomuta Thank you very much for the response. Yes I totally understand where you are coming from. I was thinking about the way the vault is exported from the UI where it asks for the master password and then decrypts the credentials and export in plain. Backup instances are good but our issue is we want to be able to recover the credentials from the vault by logging into the server through the console and still able to recover the credentials using the master password. Bitwarden has the option to export the vault from the command line using the master password https://github.com/bitwarden/help/blob/master/_articles/miscellaneous/cli.md#export so I was thinking if something like this is possible with bitwarden_rs as well.
kerem commented 2026-03-03 01:30:46 +03:00
Author
Owner
Copy link

@tomuta commented on GitHub (Jan 28, 2020):

Well, we could write such a cli tool as well, but this again requires the user's master password, which they can change any time.

<!-- gh-comment-id:579349043 --> @tomuta commented on GitHub (Jan 28, 2020): Well, we could write such a cli tool as well, but this again requires the user's master password, which they can change any time.
kerem commented 2026-03-03 01:30:46 +03:00
Author
Owner
Copy link

@void-in commented on GitHub (Jan 28, 2020):

Master password shouldn't be a problem since the same activity can be done remotely through the desktop client connected to the server remotely. So having the option to do the same from the command line would really be helpful for the self hosted option in case one is unable to connect to the bitwarden_rs server because of connectivity issues.

<!-- gh-comment-id:579362920 --> @void-in commented on GitHub (Jan 28, 2020): Master password shouldn't be a problem since the same activity can be done remotely through the desktop client connected to the server remotely. So having the option to do the same from the command line would really be helpful for the self hosted option in case one is unable to connect to the bitwarden_rs server because of connectivity issues.
kerem commented 2026-03-03 01:30:46 +03:00
Author
Owner
Copy link

@fbartels commented on GitHub (Jan 28, 2020):

The cli client is using the same api as the web client and therefore works just the same also with bitwarden_rs.

I haven't tested the desktop client, but the chrome extension does cache your vault and can easily be queried while offline. the one thing you cannot do in that case is modifying or adding entries. And I do think that attachments are also only kept online.

<!-- gh-comment-id:579402553 --> @fbartels commented on GitHub (Jan 28, 2020): The cli client is using the same api as the web client and therefore works just the same also with bitwarden_rs. I haven't tested the desktop client, but the chrome extension does cache your vault and can easily be queried while offline. the one thing you cannot do in that case is modifying or adding entries. And I do think that attachments are also only kept online.
kerem commented 2026-03-03 01:30:46 +03:00
Author
Owner
Copy link

@mprasil commented on GitHub (Jan 29, 2020):

And I do think that attachments are also only kept online.

That's correct /api/sync does not sync attachments.

<!-- gh-comment-id:579682056 --> @mprasil commented on GitHub (Jan 29, 2020): > And I do think that attachments are also only kept online. That's correct `/api/sync` does not sync attachments.
kerem commented 2026-03-03 01:30:46 +03:00
Author
Owner
Copy link

@void-in commented on GitHub (Jan 29, 2020):

@fbartels Thank you so much. Indeed you are absolutely right. I should have tested it first. Not only the Chrome but the Native Windows Desktop client is also able to open the vault in a read only mode without requiring connecting to the server.

Also, the cli is compatible with bitwarden_rs just as it is with the bitwarden. Thanks once again to you and @tomuta for looking into this.

<!-- gh-comment-id:579738925 --> @void-in commented on GitHub (Jan 29, 2020): @fbartels Thank you so much. Indeed you are absolutely right. I should have tested it first. Not only the Chrome but the Native Windows Desktop client is also able to open the vault in a read only mode without requiring connecting to the server. Also, the cli is compatible with bitwarden_rs just as it is with the bitwarden. Thanks once again to you and @tomuta for looking into this.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
revert-7033-patch-1
cached-config-operations
test_dylint
1.35.8
1.35.7
1.35.6
1.35.5
1.35.4
1.35.3
1.35.2
1.35.1
1.35.0
1.34.3
1.34.2
1.34.1
1.34.0
1.33.2
1.33.1
1.33.0
1.32.7
1.32.6
1.32.5
1.32.4
1.32.3
1.32.2
1.32.1
1.32.0
1.31.0
1.30.5
1.30.4
1.30.3
1.30.2
1.30.1
1.30.0
1.29.2
1.29.1
1.29.0
1.28.1
1.28.0
1.27.0
1.26.0
1.25.2
1.25.1
1.25.0
1.24.0
1.23.1
1.23.0
1.22.2
1.22.1
1.22.0
1.21.0
1.20.0
1.19.0
1.18.0
1.17.0
1.16.3
1.16.2
1.16.1
1.16.0
1.15.1
1.15.0
1.14.2
1.14.1
1.14
1.13.1
1.13.0
1.12.0
1.11.0
1.10.0
1.9.1
1.9.0
1.8.0
1.7.0
1.6.1
1.6.0
1.5.0
1.4.0
1.3.0
1.2.0
1.1.0
1.0.0
0.13.0
0.12.0
0.11.0
0.10.0
0.9.0
Labels
Clear labels   
SSO

   
Third party

   
better for forum

   
bug

   
bug

   
documentation

   
duplicate

   
enhancement

   
future Vault

   
future Vault

   
future Vault

   
good first issue

   
help wanted

   
low priority

   
notes

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
troubleshooting

   
wontfix
No labels
SSO
Third party
better for forum
bug
bug
documentation
duplicate
enhancement
future Vault
future Vault
future Vault
good first issue
help wanted
low priority
notes
pull-request
question
troubleshooting
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/vaultwarden#579
No description provided.