Tell HN: Bitwarden does not export attachments in backups

233 points by howlett 4 years ago · 127 comments


I've been using Bitwarden for about 4 years now and cannot understand how a Password Manager does not export attachments when backing up your data. I understand this was the case when the only export format was a CSV file, but now with JSON files I can't get my head around the fact that I almost missed crucial SSH keys had I not checked the output. A simple solution would be to b64 encode each file and add it into an array!

It's even mentioned on their Help page - https://bitwarden.com/help/export-your-data/ but I still think it's a bit unacceptable that there isn't even a warning in the GUI about this.

And yes, I know there are ways to manually export the files, but I shouldn't have to do that.
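Added example (not Bitwarden's code and not part of the original post): the "manual way" the poster alludes to, turned into the check a practitioner would actually want to run before trusting an export. It compares what the Bitwarden CLI reports for the vault (`bw list items`) against an unencrypted JSON export, lists every attachment the export does not carry, and emits the `bw get attachment` commands to fetch them into one folder per item. Both JSON inputs below are constructed samples; the field names (`id`, `name`, `attachments[].id`, `attachments[].fileName`) are assumed to mirror the CLI's output and the export format, and the `bw get attachment <id> --itemid <id> --output <path>` form is the CLI syntax as documented at the time.

```python
"""Check a Bitwarden JSON export against the live vault listing and build the
`bw get attachment` commands for the attachments the export leaves out.

Illustration only, not Bitwarden's own code. Assumed JSON shapes: items with
`id`, `name` and an optional `attachments` list carrying `id` and `fileName`.
"""
import json
import re
import shlex

# Constructed sample of `bw list items` output (only the fields used here).
SAMPLE_LIST_ITEMS = json.dumps([
    {"id": "4d3c2b1a-0000-4000-8000-000000000001", "name": "prod bastion",
     "type": 1,
     "attachments": [
         {"id": "a1", "fileName": "id_ed25519", "size": "464"},
         {"id": "a2", "fileName": "id_ed25519.pub", "size": "98"},
     ]},
    {"id": "4d3c2b1a-0000-4000-8000-000000000002", "name": "GPG / release key",
     "type": 2,
     "attachments": [
         {"id": "a3", "fileName": "release-secret.asc", "size": "6752"},
     ]},
    {"id": "4d3c2b1a-0000-4000-8000-000000000003", "name": "example.com",
     "type": 1},  # no attachments at all
])

# Constructed sample of the unencrypted JSON export of the same vault: every
# item is present, none of the attachments are.
SAMPLE_EXPORT = json.dumps({
    "encrypted": False,
    "folders": [],
    "items": [
        {"id": "4d3c2b1a-0000-4000-8000-000000000001", "name": "prod bastion",
         "type": 1, "login": {"username": "ops", "password": "..."}},
        {"id": "4d3c2b1a-0000-4000-8000-000000000002", "name": "GPG / release key",
         "type": 2, "secureNote": {"type": 0}},
        {"id": "4d3c2b1a-0000-4000-8000-000000000003", "name": "example.com",
         "type": 1, "login": {"username": "me", "password": "..."}},
    ],
})


def missing_attachments(list_items_json, export_json):
    """Return (item_id, item_name, attachment_id, file_name) for every
    attachment in the vault listing that the export does not carry."""
    export = json.loads(export_json)
    if export.get("encrypted"):
        # A password-protected export cannot be inspected item by item.
        raise ValueError("encrypted export: decrypt it before checking")
    exported = {it["id"]: it for it in export.get("items", [])}
    missing = []
    for item in json.loads(list_items_json):
        exp_item = exported.get(item["id"])
        # If the item is absent from the export, all its attachments are too.
        exp_names = set() if exp_item is None else {
            a.get("fileName") for a in exp_item.get("attachments", [])}
        for att in item.get("attachments", []):
            if att["fileName"] not in exp_names:
                missing.append((item["id"], item["name"], att["id"], att["fileName"]))
    return missing


def safe_dirname(name):
    """Reduce an item name to a single, shell-safe path component."""
    cleaned = re.sub(r"[^A-Za-z0-9._-]+", "_", name).strip("._")
    return cleaned or "unnamed"


def fetch_commands(missing, outdir="bw-attachments"):
    """One `bw get attachment` command per missing file, one directory per
    item. The attachment id, not the file name, is passed so that two
    attachments sharing a name on one item cannot be confused."""
    cmds = []
    for item_id, item_name, att_id, file_name in missing:
        target = "{}/{}/{}".format(outdir, safe_dirname(item_name),
                                   file_name.replace("/", "_"))
        cmds.append("bw get attachment {} --itemid {} --output {}".format(
            shlex.quote(att_id), shlex.quote(item_id), shlex.quote(target)))
    return cmds


if __name__ == "__main__":
    gaps = missing_attachments(SAMPLE_LIST_ITEMS, SAMPLE_EXPORT)
    print("{} attachment(s) not covered by the export".format(len(gaps)))
    print("\n".join(fetch_commands(gaps)))
```

Against a real vault you would feed it the output of `bw list items` (with the session unlocked) and the export file; anything it lists has to be fetched separately, and the resulting folder should then be encrypted alongside the export rather than left in the clear next to it.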

Youden 4 years ago

It's been raised but doesn't appear to be a large enough issue to be put on the roadmap: https://community.bitwarden.com/t/allow-attachments-to-be-ex...

The project is open-source, maybe send them a pull request?

  • hotpotamus 4 years ago

    I like Bitwarden and open source, but attachments are a paid feature for them, so you'd be essentially working to add value to their paid features for free. That feels unfair to me.

    • Aeolun 4 years ago

      I think you’d be working to add quality to your backups for free. Sure, they’d also give it to other customers, but what matters is that you have it (and henceforth do not have to maintain your own fork).

      • SahAssar 4 years ago

        I think the point is more that you'd be giving away work for free that is only usable by people paying someone other than you.

      • hotpotamus 4 years ago

        That's a more generous way of looking at it and certainly a fair point.

    • Youden 4 years ago

      Isn't this argument basically true of any major open-source project? There's always a commercial user somewhere who benefits from your work without paying for it.

      A contribution to Bitwarden would benefit the paid hosting, sure, but it'd also benefit folks who are self-hosting.

    • _flux 4 years ago

      Well the clients are still quite nice and you can use them with VaultWarden for free and get attachments.

  • that_guy_iain 4 years ago

    > The project is open-source, maybe send them a pull request?

    Just because a project is open-source doesn't mean they'll accept a pull request with your feature request in it.

    • matheusmoreira 4 years ago

      Indeed. Few things are worse than spending time and effort figuring out a complex repository, making and testing changes to the code and sending in a patch only to get ignored.

      • grepfru_it 4 years ago

        Good to see open source hasn't changed in 20 years. This has been my biggest gripe. You have an idea, you present real world use cases, you submit a patch.. Only to have your idea ridiculed or ignored as you point out. THEN, a few weeks/months/years later, your same patch is accepted by someone else with a twitter blue checkmark to rave reviews.

        • that_guy_iain 4 years ago

          I once asked about the possibility of adding a feature to a project. I was told before I even created the PR that it wouldn't get accepted because there would be no need for such a feature. I looked at the project a few months later and it had that feature.

          Sometimes the biggest problem to getting new contributors is the current contributors. A great example of that is when Laravel asked the community on reddit why they didn't contribute or what was the biggest hurdle. Everyone responded with the guy who was triaging the tickets. Literally, he would act like a Reddit moderator. One line responses such as "Short answer is , no."

        • matheusmoreira 4 years ago

          Yeah, such a pain. A common variation: you submit a fix or feature, the maintainers then commit their own version without even talking to you.

    • Youden 4 years ago

      I suggested that mainly because the original poster seemed to be saying "it's so easy, just do X", so it should be minimal effort to send a PR.

      If it were to be something requiring more effort I'd suggest engaging with the project and asking if a PR would be welcome first.

  • Vladimof 4 years ago

    I never switched to Bitwarden because I don't like how it was designed but this is clearly a huge bug even though I probably wouldn't use the feature to attach files.

    • waplot 4 years ago

      >because I don't like how it was designed

      can you elaborate?

      • Vladimof 4 years ago

        I already have a file server that is synced between my devices so for me KeepassXC works better (i.e.: I don't need to setup another server just for my password manager)...

1una 4 years ago

> A simple solution would be to b64 encode each file and add it into an array!

An individual file attachment can be as large as 500 MB[0]. It would make the JSON file too big to use.

Still, I do think that Bitwarden should warn users about it when exporting. Just mentioning it in the Help Center doesn't seem so helpful.

[0]: https://bitwarden.com/help/attachments/

  • ben0x539 4 years ago

    > An individual file attachment can be as large as 500 MB[0]. It would make the JSON file too big to use.

    The backup would be too big to use if it included all the data it's a backup of? What?

    • remram 4 years ago

      The JSON file would be too big to use as a JSON file. Another format could be used for backup.

  • manmal 4 years ago

    Why is such a JSON file too big to use if it’s only ever handled by streaming parsers? SQLite would be a better backup format ofc.

    • vbezhenar 4 years ago

      AFAIK SQLite field limit is 2 GB, so if you're used to storing Blurays in your password database, that might be a limiting factor as well.

      • weaksauce 4 years ago

        the maximum file size is smaller than 500MB so that's a moot point and not many people are going to be hitting that size limit in the first place... it is a password manager after all.

    • mdaniel 4 years ago

      Can you explain how sqlite is a better container for arbitrary binary files than zip?

      I mean, I know "INSERT INTO files ('my-file.bin', X'CAFEBABE...')" gets it into sqlite, but how would a sane person get that content back out?

      • onetom 4 years ago

        Well, you can just get BLOBs out of an SQLite DB with SELECT. Also: https://www.sqlite.org/fasterthanfs.html

        Not that performance or file size would matter in this case, BUT what using SQLite would allow is to use a single format for persisting all aspects of the password database, with immediate, programmatic, random access to all fields, including attachments.

        But I also agree that for this specific use-case, even SQLite is a bit of an overkill probably.

        Finally, there is always https://www.passwordstore.org/ :)

        • mdaniel 4 years ago

          Right, but I feel we're having a miscommunication about the level of effort one should expend to recover the payloads; your mental model is that this:

              sqlite3 -noheader -newline '' export.db "select data from files where filename = 'my-file.bin'" > my-file.bin
          
          is more user friendly than:

              unzip 1PasswordExport-ILESALYKVFDNJH3K24FEO3QRHM-20220611-100457.1pux files/my-file.bin
      • manmal 4 years ago

        This discussion is about Base64-in-JSON vs SQLite, not binaries-in-ZIP vs SQLite.

aceazzameen 4 years ago

I recently switched from LastPass to Bitwarden, and LastPass has the same issue. I had to manually save all my attachments and upload them into their proper place on Bitwarden. It was frustrating, but also not a big deal in my case. Worse things have happened.

I wholeheartedly agree that these companies should have a warning that attachments won't export. Because I almost forgot about them.

  • jdeibele 4 years ago

    Thank you for saying something about this. I make up answers to "security" questions like: first pet's name? Favorite teacher? and so on but that means that I have to record what the answer is.

    I've been doing that in the notes section for LastPass. I think that I'm going to have to move to doing it in the Notes app since that works on all my Apple devices. And it looks like I can lock one Note without having to lock all of them.

    • mdaniel 4 years ago

      In case you haven't already seen it, 1P has effectively a "click button, get fake security question answers" and I love it: https://support.1password.com/generate-security-questions/

      They use the "battery horse stable" scheme so you don't have to read crazy ascii over the phone to customer support

      • BrandoElFollito 4 years ago

        Bitwarden has the same. I just generated wobble-swaddling-reflex-repost

        • mdaniel 4 years ago

          One will observe that I said "click button, get fake security answers" and I just tried it with BW Version 2022.5.1 (3283) and there was for sure no such "add security questions" option

          I do believe you that it's possible to generate a password using battery-horse-stable but BW places the burden upon the user to create a "security questions" section, fill in the security question prompt, now save the item at this point because fuck the user, and then go to some other section to generate the battery-horse-staple password, copy it to the clipboard, go back into the item, edit it, go back to the section, paste the generated password, and now repeat that for the other 3 fucking required security questions

          And people ask me why I pay for 1P ... I'll just link them to this process in the future, because it's a night-and-day difference how much BW hates its users

          • 411111111111111 4 years ago

            I don't even remember the last time I had to input a security question, so personally I wouldn't have wanted them to waste their time with such a feature. Isn't the feature inherently moot when you're saving the answer in your password manager? The only way to forget your password is if you're unable to access the password manager, which also contains the answer to the security question.

            At that point you're just as secure inputting any random letters to effectively disable the security question unlock.

            • SSLy 4 years ago

              commercial citimanager is an example of a stupid site that asks for those on any auth flow

          • BrandoElFollito 4 years ago

            Since security questions are not standardized (in the same way as a password field is) you may or may not recognize them (as a password manager).

            I store the questions and answers in the notes section because I am sure I will have the right answers to the right questions.

            I also expect this to be at the same place where passwords are generated because, well, these are passwords.

            My hope is that this idiotic idea born in the head of a psychopath will die soon (this is just a hope, taking into account the horrible, horrible incompetence of people who design the security of sites, especially password constraints).

      • no-reply 4 years ago

        That is nice. I have ascii 24-48 characters with mixed special characters. A garbled mess to read aloud.

    • woojoo666 4 years ago

      Last I checked, notes are included in the export. This post is about attachments

  • Fire-Dragon-DoL 4 years ago

    Is there any easy way to identify all the entries with an attachment on lastpass? I was planning to switch to bitwarden, but attachments have been my major concern.

    How did you do it?

sigio 4 years ago

I use bitwarden/vaultwarden (self hosted), and didn't even know there was an attachment option, so haven't used it up to now. I did use notes (for storing stuff like ssh/gpg keys), and can confirm that these are exported correctly. Attachments are also not exported in vaultwarden as far as I can see.

I'll just stick to stuffing files in notes for now, as I had been doing.

  • mdaniel 4 years ago

    > Attachments are also not exported in vaultwarden as far as I can see.

    Understandable, since sibling comments are saying export happens on the client side, and Vaultwarden is merely a server-side replacement

    Although also relevant is the sibling observation that if you're already running Vaultwarden, isn't "backup" less "export from some faceless corporation" and more "take a backup of the vaultwarden database"?

    • ravi-delia 4 years ago

      In all fairness I think you can run Bitwarden self hosted too, so it would also just be a database backup

leetrout 4 years ago

I went to bitwarden from dashlane, which didn't even export secure notes

https://www.reddit.com/r/Dashlane/comments/gfwyvo/comment/fq...

This is the same thing again.

I switched to 1password before all the funding and feel like there aren't any viable alternatives now.

Edit: to be clear, this isn't me on Reddit; this thread is just what backed up bitwarden.

  • gonehome 4 years ago

    1Password remains really great imo - people seem to use worse alternatives for ideological reasons but I don’t think there are any that are actually better.

    • zeroonetwothree 4 years ago

      How is it better than BitWarden? I’ve used both and they both seem fine but I didn’t see an obvious reason to prefer it. BW is a lot cheaper as well.

      • mdaniel 4 years ago

        My experience is that 1P has a lot more polish and consideration for the user (err, I mean before the "8" debacle). I cannot recall a single time I have lost an autogenerated password, whereas with BW it happened about 50% of the time. Filling up my vault with hundreds of unnecessary password captures is better than losing a single one, because they don't know how important any one password is in order to gauge how "oops, sorrreeee, our bad" affects the user

        https://github.com/bitwarden/clients/issues/1620 (open since Feb 2021)

        Aside from that, 1P has a ton more item types, which if one thinks about a password manager as a key-value store, maybe that's not interesting, but for me it's been really great having passport details in a specific spot, without having to invent my own taxonomy for squeezing passport details into key-value pairs

        Speaking of taxonomy, BW's lack of tagging is a dealbreaker for me. Why in the world do I have to pick just one "folder" for an item to live in: it can be "work" *and* "aws" *and* "testing" allowing me to see all work, all aws, all testing items grouped together

        I do hate the new 1P api-only approach, but I'm not going to jump ship just yet because the competition is not yet better for my needs

        • j1elo 4 years ago

          > bitwarden/clients/issues/1620 (open since Feb 2021)

          Oh, try with something much worse, and open since Dec 2017 (no, migrating to a new place is no excuse at all to mark the issue as magically resolved)

          https://github.com/bitwarden/clients/issues/443

          Here I made a pretty clear video of the issue:

          https://community.bitwarden.com/t/persistent-bitwarden-ui-an...

          Did anyone care? Not that I know of. It's 2022, so that's been 5 years now.

          I'll keep paying the pro account as long as it keeps working for me, but it saddens me that we still don't have a universally good and free service that can be recommended to lots of non-techies that are still stuck on the old customs of reusing passwords.

        • dividedbyzero 4 years ago

          What's the issue with 1Password 8? Upgraded today to get the SSH agent and so far it seems alright.

          • mdaniel 4 years ago

            It's partially teething pains as they reimplement the world in Electron, and partially "sour grapes" since that transition was coscheduled with the "and no more local vaults, too bad"

            Their QR code scanner went poof, in favor of "take a screenshot to the clipboard," and it no longer is able to suggest based on the "bundle ID" of the native apps. I dunno if it ever did that for Windows, and of course Linux support is brand new, but annoying for my case nonetheless

          • gonehome 4 years ago

            I’ve found it to be an improvement.

    • x3n0ph3n3 4 years ago

      I ditched it when they broke the ability to sync to the local file system. Before that, I was using syncthing to share my passwords between devices.

jeroenhd 4 years ago

Looking at the export code: https://github.com/bitwarden/clients/blob/da5e4a57d026e0d093...

The entire export process seems to be client side. Altering the export to include files should be feasible though the Bitwarden devs might choose not to merge your code because allowing users to access all of those Azure buckets all at once must come at a significant cost.

My workaround for this is to stuff SSH keys and the like in secret fields rather than attachments. This doesn't work for larger files, but it works well enough for my use cases so far.

jka 4 years ago

Can you migrate storage of your SSH keys in Bitwarden to custom fields[1]? Those should -- I think -- be exported with the contents of the vault.

[1] - https://bitwarden.com/help/custom-fields/#custom-fields-for-...

AnonHP 4 years ago

Bitwarden pivoted to serving enterprise needs (like SSO, collaboration) a few years ago and hasn’t given much attention to improving the basic product itself (there still aren’t additional types, like licenses, WiFi passwords, etc.). You can file this as an issue and wait.

  • capableweb 4 years ago

    Just like every other product initially launched for consumers, eventually pivoting to enterprises and forgetting about the little guy.

    Seems it's impossible for people to run companies for the average consumer. Is their cash flow really so bad that they can't help going into the enterprise market, or is there something else going on?

    • sokoloff 4 years ago

      Enterprises are vastly more willing to pay to have their problems solved than consumers. (I say this as I see the difference in behavior in my own two personas.)

      Enterprises don’t blink at paying $50K/yr for something to improve security and save staff thousands of hours of time. Consumers are used to things being (or appearing to be) free. On a per-user basis, I’d expect consumers to ask more questions of support, while paying much less.

    • richardw 4 years ago

      Without meaning to disparage the OP, enterprises don’t put you on HN when their feature isn’t supported. They pay enough to focus the mind on important features.

      Enterprises are an 80/20 play. Keep your top clients happy and you’ll be fine. The first time you get a large order you realise that’s where your focus should be.

  • waplot 4 years ago

    bitwarden allows you to add custom fields and secure notes for anything that falls outside the usual email/password data.

  • laurent123456 4 years ago

    I'm wondering why their enterprise clients are ok with this though. I would have thought they'd get more pressure from them since most businesses would not want to lose all their attachments if there's a problem.

    • phpisthebest 4 years ago

      As an Enterprise Client, I did not even know there was attachments, and i dont know what I would use attachments for...

      • mdaniel 4 years ago

        Splunk licenses (and likely a ton of other enterprise-y software) are actual files, so when we renew our license, it goes into 1P as an attachment on our Splunk item

        I recognize that's not what you would use attachments for, but I'm offering that there are enterprises that get benefit from attachments, not just individual users

        • phpisthebest 4 years ago

          We have software asset management tools that manage those assets. These also track renewal dates and various other aspects of software management, which makes password managers not a good fit.

          Our password manager is just a password manager, I suspect many other organizations are the same.

    • dspillett 4 years ago

      Perhaps attachments isn't an enterprise priority over things like SSO support and other features that have seen changes and additions?

      • rsstack 4 years ago

        I only noticed attachments exist after this post. They are pretty hidden away and there are other ways to store SSH keys that do get included in the export.

    • johnchristopher 4 years ago

      Or maybe businesses forbid attachments in the first place, or maybe they haven't realized and are okay with what is now locked in the service.

      Isn't the bitwarden client opensource enough or the implementation free that someone could come in and modify the export functionality or add the functionality to the API ?

      • fomine3 4 years ago

        Probably enterprises don't want export feature by user.

        • rsstack 4 years ago

          Organization export is separate from the user export and it's only available to administrators.

          I just checked - it's using the same code and is missing attachments too.

ancientsofmumu 4 years ago

Quick note, the Secure Note field can store up to 10k characters (I think it is, last I looked) post-encryption - that's typically big enough for most SSH key types, but may not be big enough for some GPG key exports - I have one GPG key armor export too large to fit. Point being you can stuff a good amount of info in those Notes most times to get exported, but there is a limit to be aware of - the client should fail to save the data once you've crossed that limit if I recall correctly, red error text etc.

thiagocmoraes 4 years ago

I just found out this now and I'm upset. I've been a paying user for a long time and won't use attachments anymore. Might as well consider migrating to a different password manager to migrate my attachments. Thanks for letting me know.

xanaxagoras 4 years ago

You should move to vaultwarden and do regular offsite backups with one of the projects listed at the bottom here: https://github.com/dani-garcia/vaultwarden/wiki/Backing-up-y...

This will backup your entire database, including attachments, users, etc.

quyleanh 4 years ago

This is one of my motivations to self-host Vaultwarden [0]: full features, lightweight (written in Rust), privacy, and full control.

[0] https://github.com/dani-garcia/vaultwarden

  • simplyfantash 4 years ago

    I hope it wasn't really one of your motivations, because Vaultwarden implements the server API. The lack of attachment backup occurs at the Bitwarden client level.

    • ajb 4 years ago

      Yes, but if you're running your own server you can back up the server, you don't need to export.

    • Hellion 4 years ago

      If you control the server, you can certainly control backups at a root level.

adrianmonk 4 years ago

I don't use Bitwarden, but I just read the docs about backups, which are here:

https://bitwarden.com/help/backup-on-premise/

Those say that the procedure for backups is to keep a copy of the entire bwdata directory. It doesn't say that you can or should use the export feature.

It seems like the export feature is meant for data migration, not for backups. Though they are related, they're not the same concept.

It probably wouldn't hurt to make this clearer in the GUI. In the export section, it could warn not to use it for backups and could give a link to the proper procedure.

anthropodie 4 years ago

I have Bitwarden desktop/mobile apps and I keep them in sync exactly for this reason. In case something bad happens I can at least copy and paste individual passwords!

jmull 4 years ago

... is there some better way to back up your bitwarden data than export?

Because if not, then I don't understand this. If you can't back up attachments, they can't be used for anything important. If they can't be used for anything important, then what are they for?

It would be better to not have attachments at all than not let people back them up.

chipsa 4 years ago

A better solution than b64-encoding the files is to just make a zip file from the attachments, with them in folders named after the entry. That said, I don't use the attachments feature (if I need to securely store files, I store them elsewhere).

snickerbockers 4 years ago

What exactly is an "attachment" in this context? I've been using BW for about a year now but I've never come across that term. Is it non-login data like the secure notes section?

moughxyz 4 years ago

File backups need to be done in real time, otherwise backing up gigabytes of data on demand would be infeasible.

We recently released this feature for Standard Notes[0]. Files you upload to your account from any device are automatically encrypted and backed up to a local folder on your computer.

Granting companies full custody of your files today feels reckless; local backups are a must. And better it be encrypted.

[0]: https://standardnotes.com

longrod 4 years ago

This makes a lot of sense. I use Notesnook [0] which also encrypts everything client side. It also doesn't export attachments in the automatic backups. I asked the devs and this is done to save users' bandwidth and also to make everything more reliable. Suppose the user's internet is slow or metered, what should be done then? Would the backup never be taken? That's obviously a bad idea since the notes are too important not to back up.

So it makes a sacrifice on the attachments to make sure backup of the more important stuff keeps working even when there's no internet. Moreover downloading all the attachments takes a lot of time and doing it every day (or whatever interval) wouldn't be a good user experience.

I think the Notesnook guys were thinking of adding cloud-to-cloud backups for attachments to work around this reliably.

[0] https://notesnook.com

  • nirvdrum 4 years ago

    I'm not familiar with the tool, but naïvely I'd think offering an "include attachments" checkbox would give the user control over backup size. I know that might complicate the UI a bit and maybe even confuse users by having the option, but expecting all of your data to be backed up and only discovering that it isn't after it's too late isn't stellar UX either.

webdog 4 years ago

This is very salient, I just left some feedback related to lack of functionality, in their community forums yesterday. I bought a subscription to use Bitwarden against 1Password, trying to switch from 1P to BW. I dislike 1P's arrogant customer service (Read their community forums for about an hour, and look at many of the responses from staff regarding feature requests) and my attitude towards them really soured when they flipped the switch on perpetual licensing.

So I was excited and went in with an open mind, and delighted to be supporting an open source company:

* The initial migration went off to a bad start as it didn't include everything from 1Password. Seemingly random data, and some attachments were missing. If I remember correctly, timestamps/creation dates didn't seem to migrate over, and some whole passwords weren't brought over, but no errors were reported from their migrator.

* When I went to setup my vault after the migration, I was disappointed to see that there was a distinct lack of password types. I have software licenses, credit cards, API keys, regular passwords, recovery tokens, (non-critical) GPG keys, SSH keys, etc etc that I store in my vault. BW only had/has 4 item types to choose from, which just isn't suitable if you want to correctly track the types of items for organization and filtering. There is support for custom fields, but it just isn't the same..

* No support for tagging. I tried to set up a nested folder structure as an alternative, but the UX was not easy to use in the desktop application (I was assuming I could do something similar to a `mkdir -p path/to/nested/folder`, but BW only allowed me to create a single folder item at a time). For 500 password items, and different "buckets" I keep to organize, I ended up abandoning folders and just kept everything in the root in a mish-mash setup.

I get that it's small and open source, and you have to temper expectations when comparing David (BW) vs Goliath (1P), but BW seems to have earned more community trust, and has an engaged community of fans. BW could absolutely provide a better experience than 1P both from a customer empathy standpoint, and from a product delivery perspective. But point 2 makes a failure (IMO) on point 1. Reading through their community forums, many of these (What I'd consider) table-stakes features have been left to rot on the tree of technical debt. Which makes me sad, because I'd pay a lot more than their current pricing model if they kept an open source attitude towards the product and could deliver more than just a "We're working on it! Stay tuned!" attitude after years of community comments. I'm gonna stick with 1P when the licenses come up for renewal, and use KeePass or Vault as an on-prem backup solution.

I truly, truly hope BW succeeds, because I'd love to move away from my current setup. But I'm not willing to capitulate my workflow because the company can't deliver on highly-requested/highly-coveted features.

I don't squarely put the blame on BW. This feels very common in the SaaS lifecycle: a feature has some sort of engagement/revenue metric attached to it, for growth tracking. Whether the correlation is correct is a debate for another time, but many of these core features have an opaque effect on revenue or engagement (if you're a cynical product manager, an efficient tagging system correlates to less engagement, because I'm spending less time rooting around the user interface, which is less opportunity to use the application minute-by-minute), or it's considered plumbing-type work in which the revenue/engagement potential is spread out across the entire userbase, so the effect is less explosive (SSH key management[1], a niche feature requested by a loud subset of 1P users, had huge awareness. But external sharing of items[2] was something I heard very little about, even though (objectively) external sharing casts a wider shadow of net-new 1P users).

I digress. This just reminded me of the frustration I have with software: Feels like everything I want to use is always missing some key element that I have to trade off for another key element when looking at competitors.

[1] https://blog.1password.com/1password-ssh-agent/

[2] https://blog.1password.com/psst-item-sharing/

  • jiveturkey 4 years ago

    Those 3 points are valid but not even the worst bits. It sounds like you are just griping about the switching cost issues, and didn't get much further than initial setup.

    Once you actually try to use BW in earnest, you'll find it's noticeably worse than 1PW in most ways. The most glaring is that it is meh at detecting login forms and poor at detecting new account signup. These are the 2 primary flows for a pw manager! It's unforgivable. Other flaws aside, 1PW puts significant effort there and it shows.

    > I truly, truly hope BW succeeds,

    They've had quite long enough time already to do that. How long will you hold out hope?

    I want to love BW so much. I never could get myself to look at KeePass. Anyway the primary use case I care about is sharing, not self-mgmt.

    • webdog 4 years ago

      >Those 3 points are valid but not even the worst bits. It sounds like you are just griping about the switching cost issues, and didn't get much further than initial setup.

      100%

      My rule-of-thumb is that onboarding has to be *incredibly* easy; it's the front door of an application, the user's first substantial interactions. If it's not easy or streamlined, I start wondering how the rest of the UX is. And in this case, the front door muddied the carpet inside the doors of the software, and I couldn't figure out how to make the process easy for myself, as BW is feature-gapped in many places.

      >Once you actually try to use BW in earnest, you'll find it's noticeably worse than 1PW in most ways. The most glaring is that it is meh at detecting login forms and poor at detecting new account signup. These are the 2 primary flows for a pw manager!

      Yes, exactly. I'd argue that login form management is the single most important selling point of a password manager. I can roll my eyes, but deal with new account signup forms. But login forms with stellar autofill is what separates the wheat from the chaff, IMO.

      >They've had quite long enough time already to do that. How long will you hold out hope?

      Competition makes better products for all of us. I don't want to go back to the days of LastPass, so I'll cross my fingers for them, but won't return as a customer after this initial billing cycle.

      >Anyway the primary use case I care about is sharing, not self-mgmt.

      I'm the inverse; self-management is more important. The only sharing I need is with my partner, which we don't do much of, considering most important shared stuff has accounts for each of us. KeePass is simply for backup purposes, but I haven't decided one way or another where I'll land between them and Vault. I lean towards Vault (Full disclosure: I work for Hashicorp) mostly because I'm more familiar with the APIs than I am with KeePass's plugin/extension frameworks.

      • jiveturkey 4 years ago

        It's really pitiful that the selection of password managers is so awful. It should be hard to choose because they're all so good.

    • TingPing 4 years ago

      I've used BW for years and have never had issues detecting forms.

      • jiveturkey 4 years ago

        I've used BW for over a year now. The inability to detect forms is a common problem, with long-standing open bugs being documented elsewhere in this post.

        I distinctly remember the very first new login I created after moving over to BW. Nothing happened and I just assumed BW was simply not that chatty about such things. BW fails to detect a significant number of signups for me. It's not a rare occurrence. I've had to train myself to create the login explicitly, rather than hope for auto detection.

        1PW has taken a wrong direction, so I "suffer" with BW. However I don't recommend it to anyone. (no one asks, so it's not much of a concern)

  • stereoradonc 4 years ago

    1Password has "toxic optimism"

culpable_pickle 4 years ago

Honestly, with 1Password's cloud-only move, I firmly think there's an open position for a new major player in the password management space that learns from all the current players.

jiveturkey 4 years ago

I don't think 1password does either? Anyone know for sure? I think they give you a separate attachments folder, but any item loses its association to any attachment.

Hellion 4 years ago

I’m still on KeePass. I keep meaning to get off of it but it more or less works okay (not great).

I use Windows, Debian, iOS, and Firefox as the browser on desktop. Any recommendations?

  • vbezhenar 4 years ago

    I switched to iCloud passwords. It's terrible, but it works. When I'm not on iOS/macOS, I'm typing passwords manually looking at my phone. Not the best UX for sure.

  • clircle 4 years ago

    KeePassXC plus the browser extension? Also, if it ain't broke…

  • sir_brickalot 4 years ago

    An underappreciated feature in KeePass is URL overrides, so you can autorun RDP sessions, SSH sessions, SFTP sessions in other apps with filled-in credentials. If Bitwarden had this feature, I'd probably switch.

tluyben2 4 years ago

I have been bitten by this. It is quite weird IMHO.

ruffrey 4 years ago

It’s worth taking a glance at other E2EE apps. I’m biased but EnvKey can handle huge content, though file support is in early stages.

foobiekr 4 years ago

This is sadly common. 1Password does not either.

  • mdaniel 4 years ago

    Incorrect, I just tested it:

        $ unzip -l 1PasswordExport-ILESALYKVFDNJH3K24FEO3QRHM-20220611-100457.1pux
        ...
           1952  01-01-1980 00:00   files/dbp6d2jjtfbwbp5tnqx6vw5jaa__developerID_installer.pem

    • foobiekr 4 years ago

      When exporting data, in any of the supported formats, 1password will warn the following:

      Some of the items you attempted to export were documents. There is currently no support for exporting Documents from 1Password.

      So apparently, it exports pems. That's great. It doesn't export most attachments.

      edit: This is apparently new behavior in 1Password 8. If you have upgraded to the very latest version, the .1PUX export does seem to finally solve this problem. But that's new - it was not true for any previous version.

      • mdaniel 4 years ago

        I'm sorry that you think just because I only chose to show one file type that it only exported one file type

            unzip -l 1PasswordExport-ILESALYKVFDNJH3K24FEO3QRHM-20220611-220354.1pux | grep files/ | grep -Eo '\.[^.]+' | sort | uniq -c
               3 .2019-10-31
               1 .4742E0C72E589FA7
               5 .B5CA9C4DAF6FA034
               1 .asc
               2 .btskey
               8 .cer
               4 .certSigningRequest
              11 .com
               5 .gmail
               6 .gpg
               6 .hopperLicense
               1 .io
               2 .jpg
               7 .json
               1 .keybase
               1 .onepassword7-license-mac
               4 .p12
               2 .paperkey
               1 .pdf
               8 .pem
               1 .png
               2 .tar
              14 .txt

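
The thread's takeaway is that a backup is only a backup if you check what is actually in it. The following is an added example, not code from the thread or from either vendor: it automates the check above, opening a zip-based export (the .1pux layout seen in the `unzip -l` output, with attachments under `files/`), tallying the attachments by extension and flagging an export that contains none. The `export.data` entry name and the archive contents are constructed sample data, not a real export.

```python
import io
import os
import zipfile
from collections import Counter


def tally_attachments(archive_bytes: bytes, prefix: str = "files/") -> Counter:
    """Count attachment entries in a zip-based export, keyed by file extension.

    Only entries under `prefix` are counted (the `grep files/` step in the
    thread); entries without an extension are tallied under '(none)'.
    Unlike the thread's `grep -Eo '\\.[^.]+'`, only the final extension is
    taken, so 'foo.example.com.txt' counts once as '.txt', not as '.example',
    '.com' and '.txt'.
    """
    counts: Counter = Counter()
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or not info.filename.startswith(prefix):
                continue
            ext = os.path.splitext(info.filename)[1] or "(none)"
            counts[ext] += 1
    return counts


def attachments_present(archive_bytes: bytes) -> bool:
    """Backup-verification check: True only if at least one attachment was exported."""
    return sum(tally_attachments(archive_bytes).values()) > 0


def build_sample_export(attachment_names) -> bytes:
    """Constructed stand-in for a .1pux archive (assumed layout: a vault data
    entry plus a files/ folder); contents are placeholders, not real secrets."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("export.data", "{}")  # assumed name of the vault JSON entry
        for name in attachment_names:
            zf.writestr(f"files/{name}", b"placeholder contents")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_export(["a__id_ed25519.pem", "b__client.cer", "c__notes"])
    for ext, n in sorted(tally_attachments(sample).items()):
        print(f"{n:4d} {ext}")
    print("attachments present:", attachments_present(sample))
```

To run it against a real export, read the .1pux file's bytes and pass them to `attachments_present`; the same `files/` check is a cheap post-export assertion to add to any backup script.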
  • selykg 4 years ago

    Sort of a vendor lock in type deal.

  • jwong_ 4 years ago

    Main thing keeping me off switching to something else.

    1Password's extensions getting worse with every update gets me closer each day though.

    • mdaniel 4 years ago

      The irony is that if they'd just open source them, it's not like that's where their real intellectual property lies and they may get a lot more help -- or at the bare minimum I can see what the extension is screwing up in my case and fix it while they "damn get around to it"

      I'm waiting for someone to point out that BW's extensions are open source and are still a dumpster fire, but for me the difference is that BW started as a dumpster fire, so I don't feel compelled to bring their extension up to sane operating levels, whereas 1P's are _mostly_ right, and just need a tune-up here and there

rossmohax 4 years ago

Thanks for the heads up! I am a happy user of Bitwarden and wasn't aware of that.

hammyhavoc 4 years ago

Wow, if true, this is a huge oversight.

  • onetom 4 years ago

    It’s not something which you simply forget to think about. There must be a lot of features, which are more important, as in being requested for.

    • hammyhavoc 4 years ago

      I must have been forgetting since I started using it over a year ago. The software itself doesn't warn about this quirk.

replwoacause 4 years ago

I’ve been using BW for 5 years but looks like I need to start the search for a new PW manager. Thanks for pointing this out.
