Vault Data
All vault data is encrypted by Bitwarden before being stored anywhere. To learn how, see Encryption.
Vault data can only be decrypted using a key derived from your master password. Bitwarden is a zero knowledge encryption solution, meaning you are the only party with access to your key and the ability to decrypt the vault data. Listed below are examples of the data that is encrypted, as well as download links demonstrating the encrypted data.
tip
We encourage you to review our privacy policy for more information.
Vault data that is encrypted:
For all items:
Item names
Notes
Attachments
Attachment name
File contents
File encryption key
Custom field names and values
For logins:
Usernames
Passwords
Password history
URIs (i.e. match detection strings)
Authenticator keys (i.e. TOTP secrets)
For cards:
Cardholder names
Numbers
Brands
Expiration dates
Security codes
For identities:
Names (Title/First/Middle/Last)
Usernames
Companies
Social Security numbers, passport numbers, and license numbers
Emails and phones
Address 1, Address 2, Address 3, City / Town, State / Province, Zip / Postal code, Country
For Sends:
Send names
Send text
Send file
Send notes
Send encryption key (learn more)
Folder names
Collection names
Some data, but never vault data, is used to provide the Bitwarden service to you. This is referred to as administrative data and can be accessed by Bitwarden. Learn more.