Skip to content

rbreunung/bitwarden-export

BranchesTags

Repository files navigation

Bitwarden Export

If you want to move Bitwarden credentials to another server, there is one major feature missing in the vendors clients. Export and reimport your credentials with related attachments.

This Powershell script shall solve the issue. Please refer to the designed use cases.

Preconditions

  1. All commands are executed in a Powershell. (Tested with 7.4)
  2. BitWarden CLI is installed and authenticated.
  3. Node.js version 16 is installed.
# check for Node.js version 16
node --version
# login to your account
bw login
# Optional: unlock your account if you already are logged in from a passed session
bw unlock
# set the key for the terminal session to avoid further authentication queries
$env:BW_SESSION="<my token>"
# ensure your data us up-to-date
bw sync

Usage

The command examples contain Windows platform specific paths. The scripts are tested on MacOS as well.

Export

Create a folder containing all exported elements export-<timestamp>.

.\10-export.ps1

Import in one Step

Import from the given folder. The vault folders, vault items and attachments.

.\20-import.ps1 .\export-<timestamp> -DebugMode 0
Parameter Type Default Value Description
ImportPath [string]
DebugMode [bool] $true
OnlyFolder [switch] $false
MapExistingFolder [bool] $true
OnlyPrivateVault [switch] $false
OnlyItems [switch] $false
OnlyAttachments [switch] $false
FolderMapFile [string] folder-map.json
ItemMapFile [string] item-map.json

Import in Detail Steps

Create a Folder Mapping

.\21-import-folder.ps1 -ImportPath .\export-<timestamp>\ -DebugMode 0 -MapExistingFolder
Parameter Type Default Value Description
-ImportPath [String] Path to the Export folder created during Export
-DebugMode [bool] $true If this is true, only the commands will be printed, which shall be executed.
-MapExistingFolder [bool] $true Whether existing folders with same names as import folders shall be reused. If false, it will create duplicate folders for each import and recreate the FolderMapFile.
-FolderMapFile [string] folder-map.json Output file. <ImportPath>/<FolderMapFile> Will contain the mapping from folder name to vault UUID used in the following import steps.

Import Items

Import Attachments

Hints

Developer Notes

Node.js 16

The version of Node.js 16 is required by the import-attachment-step. All other steps are tested and working with latest Node.js. The command bw create attachment is currently broken, when executed with any other Node.js version. This is a known issue.

Update: With 2024 CLI running on Node 16 is no more possible. Thus feature uploading attachments is blocked on servers which are not running vault.bitwarden.com original server software.

Export data model

  • Export folder with current date.
    • export-list-folders.json contains an array of all folders as provided by bw list folders.
    • export-list-items.json contains an array of all items as provided by bw list items.
    • export-list-organizations.json contains an array of all items as provided by bw list organizations.
    • export-private.json contains the export of the private vault.
    • export-UUID.json contains the export of each organization with id UUID.
    • UUID folder contains the attachment files of the item with id UUID.
      • The attachment files are in their original name with their content.
  • Additional files created by the import.
    • folder-map.json contains all folders and their target-id in the target vault. This is created by the import-folder-step and required by import-items-step in order to reassign all items to their prior folders.
    • item-map.json contains all items and their target-id in the target vault. This is created by the import-items-step and required by the import-attachments-step in order to reassign all attachments to their prior items.

Edit a Value

Editing a value in an converted Object is pretty straight forward.

bw list organizations | ConvertFrom-Json | ForEach-Object {$_.name = "foo"; $_} | ConvertTo-Json

JSON Conversion Depth

Of course the default -Depth values of ConvertFrom-Json and ConvertTo-Json are not equal. With a ConvertTo-Json default depth of 2 you get nicely partially converted objects if you test your roundtrip.

$data = Invoke-Expression "bw list items --pretty"  | ConvertFrom-Json -Depth 10 | ConvertTo-Json -Depth 10

Approach bw list

After testing the approach in the first place I figured out, it will not be simply possible to reimport this list. More promising seems the approach to go with the official JSON export function.

Pro:

  • All elements from the vault including all organizations in one view.
  • All references to attachments included.

Con:

  • No folder descriptions exported.
  • No organization descriptions.
  • Can be imported one by one through item create. (adapt item -> encode -> create)

Approach bw export

The official export may support a better import behavior, but there are relevant shortages.

Pro:

  • support of JSON import from BitWarden
  • all Folders exported

Con:

  • Major: No attachment is referenced.
  • Minor: Every organization and the private vault need to be exported separately.
  • Does not export folder IDs for organization vault export.

JSON parsing via Invoke-Expression

Special characters are not properly parsed when reading a bw list via std out stream directly into a Powershell pipeline. The cause I did not get till now. A workaround is to pipe the std out directly into a file and continue the work with a file.

bw list items > export-list.json

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages