🎥 Video Link

Transcript

Please excuse any grammatical errors. I used a tool to generate the transcript and haven’t had a chance to read through it yet.

Today, I want to talk about Bitwarden. Let me start by saying that I think it’s a great password manager and a solid option for many people. I’ve been self-hosting it for the past two years, but there’s one major feature missing that could potentially cause problems for users, just as it did for me.

For the past two years, I’ve been hosting Bitwarden on a Raspberry Pi, along with a few other containers. Recently, I wanted to simplify and consolidate my setup, so I moved Bitwarden, along with the other containers, to an existing Mini PC I had. I got the containers up and running on the new host, and the next step was to restore the backups I had taken. Everything went smoothly—backups for the other containers restored perfectly. When I restored Bitwarden’s backup, everything seemed fine. I signed in on my other devices, ensured syncing was working, and verified all my passwords were intact. Perfect.

About a month later, everything still looked good. Confident in my setup, I decided to format the drive the Raspberry Pi was using and deleted the backups I had for it. Then, of course, Murphy’s Law struck. I logged into my new Bitwarden instance to check on some documents I had uploaded, and to my surprise, they were gone.

This leads to the major feature Bitwarden is missing: the ability to export attachments when you back up your vault.

Let me walk you through what happened. In my self-hosted instance, I had to use a cloud-hosted Bitwarden Vault to get a license for the self-hosted subscription. So, I decided to test this feature in the cloud-hosted vault. Here’s what I found:

When you try to export your vault, you have a few options—JSON, CSV, or encrypted JSON. I selected JSON, confirmed the format, typed in my master password, and exported the vault. When I looked at the exported file, it was clear something was off. The file size was only 636 bytes, even though the test entry I uploaded included a 40 MB attachment.

I’ll take some responsibility here—there were red flags I should have noticed. The file was too small, and JSON is unlikely to contain encoded attachments due to size limitations. There were no additional folders or files for attachments, just a single, tiny JSON file. I should have realized this, but I was working casually and didn’t double-check.

To make matters worse, there’s no warning in the Bitwarden interface about attachments not being included in exports. The only mention of this that I could find was in the “Export Vault” help document, which states: “Vault exports will not include file attachments, items in the trash, or sends.” While they do technically warn you, I think this information should be far more prominent.

Bitwarden has no problem including warnings in other parts of the app. For instance, the “Security” tab highlights warnings about changing your master password or enabling two-step login with yellow-highlighted alerts. A similar approach for export warnings could save users from losing critical data.

Needless to say, I lost backups of SSH keys, important documents, and even photos of identification that I had stored securely in Bitwarden. It’s a harsh lesson in the importance of keeping local backups, which is a topic I’ll cover in a future discussion.

After realizing this, I started searching to see if others had faced the same issue. I found a Hacker News thread discussing the exact problem: Bitwarden does not export attachments in backups. The thread linked to a community feature request for this functionality dating back to May 2018. That’s nearly six years, and the feature still hasn’t been implemented.

Some commenters suggested contributing to the open-source project by submitting a pull request to implement the feature. While that’s a fair point, it’s also worth noting that file attachments are a paid feature. If you’re paying for the product, you might reasonably expect such a basic feature to be included without needing to develop it yourself.

All this is to say: if you’re using attachments in Bitwarden or considering it, I’d recommend either avoiding them or ensuring you save local copies of any files you upload. Personally, I might use this as an opportunity to explore other options like KeePass and see if they better meet my needs.

I hope sharing this experience helps someone avoid losing their attachments in Bitwarden. If you have any questions or comments, feel free to leave them below, and I’ll see you next time.