Encrypted Exports
Vault data can be exported in an encrypted .json file. Encrypted export files will contain vault items from your organization or individual vault, and will not include Sends, password history, trash, or item attachments. Password protected exports can be creating using the web vault or CLI. Bitwarden provides two encrypted export types:
Account restricted: Export an encrypted file that can only be re-imported to the Bitwarden account that generated the encrypted export file. This process utilizes the account encryption key specific to the Bitwarden account.
Password protected: Export an encrypted file protected with a password of your choosing. This file can be decrypted with the password and can be imported to any Bitwarden account.
The specified password is salted, used to derive an encryption key using PBKDF2 with 100,000 iterations, and finally stretched with HDKF into a new encryption key, which encrypts your data, and message authentication code (MAC).
warning
Account restricted exports can not be imported to a different account. Additionally, rotating your account's encryption key will render an account restricted export impossible to decrypt. If you rotate your account encryption key, replace any old files with new ones that use the new encryption key.
If you wish to import an encrypted .json file onto a different Bitwarden account, select the Password protected export type when creating an export.
Encrypted exports will include vault items such as logins, cards, secure notes, and identities. An encrypted export of the following plaintext login item:
{
...
"login": {
"username": "mylogin",
"password": "mypassword",
"totp": "otpauth://totp/my-secret-key"
},
...Will look something like:
{
...
"login": {
"username": "9.dZwQ+b9Zasp98dnfp[g|dHZZ1p19783bn1KzkEsA=l52bcWB/w9unvCt2zE/kCwdpiubAOf104os}",
"password": "1o8y3oqsp8n8986HmW7qA=oiCZo872b3dbp0nzT/Pw=|A2lgso87bfDBCys049ano278ebdmTe4:",
"totp": "2CIUxtpo870B)*^GW2ta/xb0IYyepO(*&G(&BB84LZ5ByZxu0E9hTTs6PHg0=8q5DHEPU&bp9&*bns3EYgETXpiu9898sxO78l"
},
...Creating an encrypted export follows the normal export procedure. When prompted for File Format, select .json (Encrypted):
To export your individual vault data from the web vault:
Select Tools from the top navigation bar.
Select Export Vault from the tools menu.
On the vault export page, choose a File Format (
.json,.csv, or.json (Encrypted)).If selecting
.json (Encrypted), choose the File Type that you would like for the encrypted export:Account restricted: This file can only be imported to the current Bitwarden account that generated the encrypted export file.
Password protected: This file can be imported to any Bitwarden account by utilizing the password set during the encrypted export process.
Select Confirm Format, enter your master password, and select the Export Vault button to finish.
To export your individual vault data from a browser extension:
Open the Settings tab.
Scroll down to the Tools section and select the Export vault option.
On the export vault view, choose a File Format (
.json,.csv, or.json (Encrypted)).tip
If you need to import this data into a new Bitwarden account, we recommend using the web vault to create a Password protected export.
Enter your master password and select Submit.
note
If you are exporting from Vivaldi, you may need to pop-out the browser extension for export to work properly:
To export your individual vault data from a desktop app:
From the menu bar, navigate to File → Export vault.
In the export vault window, choose a File Format (
.json,.csv, or.json (Encryped)).tip
If you need to import this data into a new Bitwarden account, we recommend using the web vault to create a Password protected export.
Enter your master password and select the Download button.
To export your individual vault data from a mobile app:
Tap the Settings tab.
Tap Vault and tap the Export Vault option.
On the export vault view, choose a File format (
.json,.csv, or.json (Encrypted)).tip
If you need to import this data into a new Bitwarden account, we recommend using the web vault to create a Password protected export.
Enter your master password and select the Export vault button.
To export your individual vault data from the CLI, use the export command. By default, export will export your vault as a .csv and save the file to the working directory, however this behavior can be altered using options:
bw export --output /users/me/documents/ --format json --password mYP@ssw0rdThe --password option can be used to specify a password to use to encrypt encrypted_json exports instead of your account encryption key.
For more detail, please see review the Bitwarden CLI documentation.
Importing an encrypted export follows the normal import procedure. When prompted for File Format, select .json:
tip
There is no import option specifically for encrypted exports. A handler will determine that the .json file is encrypted and attempt to decrypt the file using either your account's encryption key or encrypted export password.
To import data to your vault:
Log in to the web vault at https://vault.bitwarden.com, or
https://your.bitwarden.domain.comif self-hosting.Select Tools from the top navigation bar.
Select Import Data from the tools menu.
Complete the following fields from the drop down menus:
Import destination: Select the import destination such as your individual vault or an organizational vault that you have access to.
Folder or Collection: Select if you would like the imported content moved to a specific folder or organization collection that you have access to.
File format: Select the import file format.
Select Choose File and add the file to import or copy/paste the contents of your file into the input box.
warning
Importing does not check whether items in the file to import already exist in your vault. If you import multiple files or import files with items already in your vault, this will create duplicates.
Select Import Data to trigger the import. If you are importing a password protected
.jsonfile, enter the password into the Confirm Vault Import window that will appear.After successful import, delete the import source file from your computer. This will protect you in the event your computer is compromised.
Additional items such as File attachments, Sends, trash, and password history will need to be manually uploaded to your vault.
To import data to your vault:
Select the Settings tab and choose the Import items option.
Complete the following fields from the drop down menus:
Import destination: Select the import destination such as your individual vault or an organizational vault that you have access to.
Folder or Collection: Select if you would like the imported content moved to a specific folder or organization collection that you have access to.
File format: Select the import file format.
Select Choose File and add the file to import or copy/paste the contents of your file into the input box.
warning
Importing does not check whether items in the file to import already exist in your vault. If you import multiple files or import files with items already in your vault, this will create duplicates.
Select Import Data to trigger the import. If you are importing a password protected
.jsonfile, enter the password into the Confirm Vault Import window that will appear.After successful import, delete the import source file from your computer. This will protect you in the event your computer is compromised.
To import data to your vault:
Select File > Import data.
Complete the following fields from the drop down menus:
Import destination: Select the import destination such as your individual vault or an organizational vault that you have access to.
Folder or Collection: Select if you would like the imported content moved to a specific folder or organization collection that you have access to.
File format: Select the import file format.
Select Choose File and add the file to import or copy/paste the contents of your file into the input box.
warning
Importing does not check whether items in the file to import already exist in your vault. If you import multiple files or import files with items already in your vault, this will create duplicates.
Select Import Data to trigger the import. If you are importing a password protected
.jsonfile, enter the password into the Confirm Vault Import window that will appear.After successful import, delete the import source file from your computer. This will protect you in the event your computer is compromised.
To import data to your vault from the CLI, use the following command:
bw import <format> <path>bw import requires a format (use bw import --formats to retrieve a list of formats) and a path, for example:
bw import lastpasscsv /Users/myaccount/Documents/mydata.csvAfter successful import, delete the import source file from your computer. This will protect you in the event your computer is compromised.