Encrypted Exports
Vault data can be exported in an encrypted JSON file. In most Bitwarden apps, these exports are encrypted using your account's encryption key, which are generated on account creation and unique to each Bitwarden user account. The CLI has a unique option to encrypt the file with a specified password.
warning
Rotating your account's encryption key will render an encrypted export impossible to decrypt. If you rotate your account encryption key, replace any old files with new one that use the new encryption key.
Account encryption keys are unique to each Bitwarden user account, so you won't be able to import an encrypted export into a different account.
Encrypted exports will include all vault data, including logins, cards, secure notes, and identities. An encrypted export of the following plaintext login item:
{
...
"login": {
"username": "mylogin",
"password": "mypassword",
"totp": "otpauth://totp/my-secret-key"
},
...
Will look something like:
{
...
"login": {
"username": "9.dZwQ+b9Zasp98dnfp[g|dHZZ1p19783bn1KzkEsA=l52bcWB/w9unvCt2zE/kCwdpiubAOf104os}",
"password": "1o8y3oqsp8n8986HmW7qA=oiCZo872b3dbp0nzT/Pw=|A2lgso87bfDBCys049ano278ebdmTe4:",
"totp": "2CIUxtpo870B)*^GW2ta/xb0IYyepO(*&G(&BB84LZ5ByZxu0E9hTTs6PHg0=8q5DHEPU&bp9&*bns3EYgETXpiu9898sxO78l"
},
...
Create an Encrypted Export
Creating an encrypted export follows the normal export procedure. When prompted for File Format, select .json (Encrypted)
:
Import an Encrypted Export
Importing an encrypted export follows the normal import procedure. When prompted for File Format, select .json
:
tip
There is no import option specifically for encrypted exports. A handler will determine that the .json
file is encrypted and attempt to decrypt the file using your account's encryption key.