Encrypted Exports
Vault data can be exported in an encrypted .json
file. Encrypted export files will contain vault items from your organization or individual vault, and will not include Sends, trash, or item attachments. Password protected exports can be creating using the web vault or CLI. Bitwarden provides two encrypted export types:
Account restricted: Export an encrypted file that can only be re-imported to the Bitwarden account or organization that generated the encrypted export file. This process utilizes the relative account or organization encryption key specific to the restricted export.
Password protected: Export an encrypted file protected with a password of your choosing. This file can be decrypted with the password and can be imported to any Bitwarden account.
The specified password is salted, used to derive an encryption key using PBKDF2 with 100,000 iterations, and finally stretched with HDKF into a new encryption key, which encrypts your data, and message authentication code (MAC).
warning
Account restricted exports can not be imported to a different account. Additionally, rotating your account's encryption key will render an account restricted export impossible to decrypt. If you rotate your account encryption key, replace any old files with new ones that use the new encryption key.
If you wish to import an encrypted .json
file onto a different Bitwarden account, select the Password protected export type when creating an export.
Encrypted exports will include vault items such as logins, cards, secure notes, and identities. An encrypted export of the following plaintext login item:
Bash{
...
"login": {
"username": "mylogin",
"password": "mypassword",
"totp": "otpauth://totp/my-secret-key"
},
...
Will look something like:
Bash{
...
"login": {
"username": "9.dZwQ+b9Zasp98dnfp[g|dHZZ1p19783bn1KzkEsA=l52bcWB/w9unvCt2zE/kCwdpiubAOf104os}",
"password": "1o8y3oqsp8n8986HmW7qA=oiCZo872b3dbp0nzT/Pw=|A2lgso87bfDBCys049ano278ebdmTe4:",
"totp": "2CIUxtpo870B)*^GW2ta/xb0IYyepO(*&G(&BB84LZ5ByZxu0E9hTTs6PHg0=8q5DHEPU&bp9&*bns3EYgETXpiu9898sxO78l"
},
...
Creating an encrypted export follows the normal export procedure. When prompted for File Format, select .json (Encrypted)
:
To export your individual vault data from the web app:
In the Bitwarden web app, select Tools → Export vault from the navigation:
Choose a location to Export from and a File Format (
.json
,.csv
, or.json (Encrypted)
). Only collections for which you have Can manage permission will be exported if you select an organization from the Export from dropdown.If you selected
.json (Encrypted)
, choose the Export type that you would like for the encrypted export:Account restricted: This file can only be imported to the current Bitwarden account that generated the encrypted export file.
Password protected: This file can be imported to any Bitwarden account by utilizing the password set during the encrypted export process.
Select Confirm format and select the Export vault button to finish. You will need to confirm your permission to do this using your master password or an email verification code.
To export your individual vault data from a browser extension:
Open the
Settings tab.Select Vault and then Export vault.
On the export vault view, choose a File Format (
.json
,.csv
, or.json (Encrypted)
).If you selected
.json (Encrypted)
, choose the Export type that you would like for the encrypted export:Account restricted: This file can only be imported to the current Bitwarden account that generated the encrypted export file.
Password protected: This file can be imported to any Bitwarden account by utilizing the password set during the encrypted export process.
Enter your master password and select Submit.
note
If you are exporting from Vivaldi, you may need to pop-out the browser extension for export to work properly:
To export your individual vault data from a desktop app:
From the menu bar, navigate to File → Export vault.
In the export vault window, choose a File Format (
.json
,.csv
, or.json (Encrypted)
).If you selected
.json (Encrypted)
, choose the Export type that you would like for the encrypted export:Account restricted: This file can only be imported to the current Bitwarden account that generated the encrypted export file.
Password protected: This file can be imported to any Bitwarden account by utilizing the password set during the encrypted export process.
Enter your master password and select the
Download button.
To export your individual vault data from a mobile app:
Tap the
Settings tab.Tap Vault and tap the Export Vault option.
On the export vault view, choose a File format (
.json
,.csv
, or.json (Encrypted)
).tip
If you need to import this data into a new Bitwarden account, we recommend using the web vault to create a Password protected export.
Enter your master password and select the Export vault button.
To export your individual vault data from the CLI, use the export
command. By default, export
will export your vault as a .csv
and save the file to the working directory, however this behavior can be altered using options:
Bashbw export --output /users/me/documents/ --format json --password mYP@ssw0rd
The --password
option can be used to specify a password to use to encrypt encrypted_json
exports instead of your account encryption key.
For more detail, please see review the Bitwarden CLI documentation.
Importing an encrypted export follows the normal import procedure. When prompted for File format, select .json
:
tip
There is no import option specifically for encrypted exports. A handler will determine that the .json
file is encrypted and attempt to decrypt the file using either your account's encryption key or encrypted export password.
To import data to your vault:
Log in to the web vault at https://vault.bitwarden.com, https://vault.bitwarden.eu, or
https://your.bitwarden.domain.com
if self-hosting.Select Tools → Import data from the navigation:
Complete the following fields from the drop down menus:
Import destination: Select the import destination such as your individual vault or an organizational vault that you have access to.
Folder or Collection: Select if you would like the imported content moved to a specific folder or organization collection that you have access to.
File format: Select the import file format.
Select Choose File and add the file to import or copy/paste the contents of your file into the input box.
warning
Importing does not check whether items in the file to import already exist in your vault. If you import multiple files or import files with items already in your vault, this will create duplicates.
Select Import data to trigger the import. If you are importing a password protected
.json
file, enter the password into the Confirm vault import window that will appear.After successful import, delete the import source file from your computer. This will protect you in the event your computer is compromised.
Additional items such as file attachments, Sends, and trash will need to be manually uploaded to your vault.
To import data to your vault:
Select the Settings tab and choose Vault and then the Import items option.
Complete the following fields from the drop down menus:
Import destination: Select the import destination such as your individual vault or an organizational vault that you have access to.
Folder or Collection: Select if you would like the imported content moved to a specific folder or organization collection that you have access to.
File format: Select the import file format.
Select Choose File and add the file to import or copy/paste the contents of your file into the input box.
warning
Importing does not check whether items in the file to import already exist in your vault. If you import multiple files or import files with items already in your vault, this will create duplicates.
Select Import Data to trigger the import. If you are importing a password protected
.json
file, enter the password into the Confirm Vault Import window that will appear.After successful import, delete the import source file from your computer. This will protect you in the event your computer is compromised.
To import data to your vault:
Select File > Import data.
Complete the following fields from the drop down menus:
Import destination: Select the import destination such as your individual vault or an organizational vault that you have access to.
Folder or Collection: Select if you would like the imported content moved to a specific folder or organization collection that you have access to.
File format: Select the import file format.
Select Choose File and add the file to import or copy/paste the contents of your file into the input box.
warning
Importing does not check whether items in the file to import already exist in your vault. If you import multiple files or import files with items already in your vault, this will create duplicates.
Select Import Data to trigger the import. If you are importing a password protected
.json
file, enter the password into the Confirm Vault Import window that will appear.After successful import, delete the import source file from your computer. This will protect you in the event your computer is compromised.
To import data to your vault from the CLI, use the following command:
Bashbw import <format> <path>
bw import
requires a format (use bw import --formats
to retrieve a list of formats) and a path, for example:
Bashbw import <format> /Users/myaccount/Documents/mydata.csv
After successful import, delete the import source file from your computer. This will protect you in the event your computer is compromised.
Suggest changes to this page
How can we improve this page for you?
For technical, billing, and product questions, please contact support