Backup Server Data
When self-hosting Bitwarden, you are responsible for implementing your own backup procedures in order to keep data safe. Though the steps required to do so will depend on your deployment method, in all cases it is recommended that you:
Manually take regular backups of important data, including configuration data, certificate data, and more.
Ensure that automatically-recurring database backups are being taken.
tip
In Docker deployments using the built-in database, a nightly backup runs as long as the
mssql
container is running. In Helm deployments, you will need to either schedule a job outside the cluster or create a CronJob object within the cluster, and Bitwarden provides examples to help guide your approach.
Manual backups
Bitwarden will take automatic nightly backups of the mssql
database container (see below), however for the most complete disaster recovery (DR) plan you should manually backup and keep safe the entire ./bwdata
directory.
Particularly important pieces of ./bwdata
to backup regularly include:
./bwdata/env
- Instance's environment variables, including database and certificate passwords../bwdata/core/attachments
- Instance's vault item attachments../bwdata/mssql/data
- Instance's database data../bwdata/core/aspnet-dataprotection
- Framework-level data protection, including authentication tokens and some database columns.
Automatic database backups
Bitwarden will automatically take nightly backups of the mssql
database container, as long as the container running. These backups are stored in the ./bwdata/mssql/backups
directory for 30 days.
Restore a database backup
In the event of data loss, you can use ./bwdata/mssql/backups
to restore a nightly backup. Complete the following steps to restore a nightly backup:
Retrieve your database password from the
globalSettings__sqlServer__connectionString=...Password=
value found inglobal.override.env
.Identify the Container ID of the
mssql
container using thedocker ps
command.Run the following command to open a bash session for your
mssql
docker container:Bashdocker exec -it bitwarden-mssql /bin/bash
Your command prompt should now match the identified Container ID of the
bitwarden-mssql
container.In the container, locate the backup file you wish to restore.
note
The backup directory in the container is volume-mapped from the host directory.
./bwdata/mssql/backups
on the host machine maps toetc/bitwarden/mssql/backups
in the container.
For example, a file
/etc/bitwarden/mssql/backups/vault_FULL_20201208_003243.BAK
is a backup taken on December 08, 2020 at 12:32am.Start the
sqlcmd
utility with the following command:Bash/opt/mssql-tools/bin/sqlcmd -S localhost -U <sa> -P <sa-password>
where
<sa>
and<sa-password>
match theUser=
andPassword=
values found inglobal.override.env
.Once in the
sqlcmd
utility, you have two options for backup:Offline restore (Preferred)
Run the following SQL commands:
Bash1> use master 2> GO 1> alter database vault set offline with rollback immediate 2> GO 1> restore database vault from disk='/etc/bitwarden/mssql/backups/vault_FULL_{Backup File Name}.BAK' with replace 2> GO 1> alter database vault set online 2> GO 1> exit
Restart your Bitwarden instance to finish restoring.
Online restore
Execute the following SQL commands:
Bash1> RESTORE DATABASE vault FROM DISK = '/etc/bitwarden/mssql/backups/vault_FULL_20200302_235901.BAK' WITH REPLACE 2> GO
Restart your Bitwarden instance to finish restoring.