Self-host

Backup Server Data

When self-hosting Bitwarden, you are responsible for implementing your own backup procedures in order to keep data safe. Though the steps required to do so will depend on your deployment method, in all cases it is recommended that you:

  • Manually take regular backups of important data, including configuration data, certificate data, and more.

  • Ensure that automatically-recurring database backups are being taken.

    tip

    In Docker deployments using the built-in database, a nightly backup runs as long as the mssql container is running. In Helm deployments, you will need to either schedule a job outside the cluster or create a CronJob object within the cluster, and Bitwarden provides examples to help guide your approach.

Manual backups

Bitwarden takes automatic nightly backups of the mssql database container (see below). However, for the most complete disaster recovery (DR) plan, you should manually back up and keep safe the entire ./bwdata directory.

Particularly important pieces of ./bwdata to back up regularly include:

  • ./bwdata/env - Instance's environment variables, including database and certificate passwords.

  • ./bwdata/core/attachments - Instance's vault item attachments.

  • ./bwdata/mssql/data - Instance's database data.

  • ./bwdata/core/aspnet-dataprotection - Framework-level data protection, including authentication tokens and some database columns.

Automatic database backups

Bitwarden will automatically take nightly backups of the mssql database container, as long as the container is running. These backups are stored in the ./bwdata/mssql/backups directory for 30 days.
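As an added example (not Bitwarden's own tooling), the shell functions below cover both the manual and the automatic backups described above: one archives ./bwdata with owner-only permissions, the other checks that the newest nightly file in ./bwdata/mssql/backups is recent enough. The function names and the caller-supplied cutoff are assumptions; the vault_FULL_YYYYMMDD_HHMMSS.BAK naming follows the backup file name this page shows in its restore steps.

```sh
#!/bin/sh
# Added example, not part of Bitwarden. Function names are hypothetical.

# Print the YYYYMMDDHHMMSS stamp of the newest vault_FULL_*.BAK in directory $1.
newest_backup_stamp() {
    for f in "$1"/vault_FULL_*.BAK; do
        [ -e "$f" ] || continue            # glob matched nothing
        s=${f##*/vault_FULL_}; s=${s%.BAK}
        printf '%s\n' "$s" | tr -d '_'
    done | grep -E '^[0-9]{14}$' | sort -n | tail -n 1
}

# Succeed only if the newest nightly backup in $1 is at or after cutoff $2
# (YYYYMMDDHHMMSS, assumed to be on the same clock as the mssql container).
backup_is_fresh() {
    newest=$(newest_backup_stamp "$1")
    [ -n "$newest" ] && [ "$newest" -ge "$2" ]
}

# Archive the whole of ./bwdata ($1) into $2 (a path outside $1), after
# confirming the pieces this page calls out are present. umask 077 keeps the
# archive owner-only, since env/ holds database and certificate passwords.
archive_bwdata() {
    bwdata=$1 out=$2
    for d in env core/attachments mssql/data core/aspnet-dataprotection; do
        [ -d "$bwdata/$d" ] || { echo "missing: $bwdata/$d" >&2; return 1; }
    done
    ( umask 077 && tar -C "$bwdata" -czf "$out" . ) || return 1
    tar -tzf "$out" >/dev/null             # archive must read back cleanly
}

# Example cron usage (GNU date; the 26-hour window is an assumption):
#   backup_is_fresh ./bwdata/mssql/backups \
#       "$(date -d '26 hours ago' +%Y%m%d%H%M%S)" || echo "nightly backup stale"
#   archive_bwdata ./bwdata "/secure/backups/bwdata-$(date +%F).tgz"
```

A non-zero exit from backup_is_fresh is the signal to alert on, since the nightly backup only runs while the mssql container is running.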

Restore a database backup

In the event of data loss, you can use ./bwdata/mssql/backups to restore a nightly backup. Complete the following steps to restore a nightly backup:

  1. Retrieve your database password from the globalSettings__sqlServer__connectionString=...Password= value found in global.override.env.

  2. Identify the Container ID of the mssql container using the docker ps command.

  3. Run the following command to open a bash session for your mssql docker container:

    Bash
    docker exec -it bitwarden-mssql /bin/bash

    Your command prompt should now match the identified Container ID of the bitwarden-mssql container.

  4. In the container, locate the backup file you wish to restore.

    note

    The backup directory in the container is volume-mapped from the host directory. ./bwdata/mssql/backups on the host machine maps to /etc/bitwarden/mssql/backups in the container.

    For example, a file /etc/bitwarden/mssql/backups/vault_FULL_20201208_003243.BAK is a backup taken on December 08, 2020 at 12:32am.

  5. Start the sqlcmd utility with the following command:

    Bash
    /opt/mssql-tools/bin/sqlcmd -S localhost -U <sa> -P <sa-password>

    where <sa> and <sa-password> match the User= and Password= values found in global.override.env.

  6. Once in the sqlcmd utility, you have two options for restoring the backup:

    1. Offline restore (Preferred)

      Run the following SQL commands:

      Bash
      1> use master
      2> GO
      1> alter database vault set offline with rollback immediate
      2> GO
      1> restore database vault from disk='/etc/bitwarden/mssql/backups/vault_FULL_{Backup File Name}.BAK' with replace
      2> GO
      1> alter database vault set online
      2> GO
      1> exit

      Restart your Bitwarden instance to finish restoring.

    2. Online restore

      Execute the following SQL commands:

      Bash
      1> RESTORE DATABASE vault FROM DISK = '/etc/bitwarden/mssql/backups/vault_FULL_20200302_235901.BAK' WITH REPLACE
      2> GO

      Restart your Bitwarden instance to finish restoring.