Bradford edited this page Jun 26, 2024 · 8 revisions

There is rudimentary support for backups provided by default and configured for the most part in the .env file. Look for the Bitwarden Backup Options section.

When a BACKUP method is enabled in .env, backup will run on a regular interval (daily at midnight by default) and keep 30 days (default) of backups in the bitwarden/backups directory. The script will back up the following resources (based on this documentation):

  • db.sqlite3 - encrypted database
  • bitwarden/attachments - attachments directory
  • bitwarden/sends - sends directory
  • config.json - file with configuration settings (if it exists)
  • rsa_key* - keys for logged in users
  • .env - only if BACKUP_ENV is true. Encrypting the backup is recommended in this case.

There are three backup methods:

  1. local - back up to the local directory only, on the designated interval. You may want to use this if you have your own backup method in mind to synchronize bitwarden/backups.
  2. email - email the latest backup
  3. rclone - synchronize the entire backup directory to a cloud storage service. This is the most powerful method but requires the most initial setup time

You may set any combination of these separated by a comma, for example: BACKUP=email,rclone

Bitwarden Local Backups

This is the simplest method and will maintain a directory of backups and optionally email you when the job is complete.

Bitwarden Email Backups

This backup method uses the SMTP settings provided to Bitwarden, so ensure that those variables are populated with correct values. The email default values provide a daily gzipped backup to your e-mail. This backs up the attachments and sends folders, so it could get quite large and may not be suitable for users who use attachments and sends.

Bitwarden Rclone Backups

This method is more powerful and a better option for users with large backups. To configure rclone, either provide a working configuration file at bitwarden/rclone.conf or create one using the following command from your gcloud shell while bitwarden is running:

sudo docker exec -it backup ash -c 'rclone config --config $BACKUP_RCLONE_CONF'

Follow the instructions at Rclone Remote Setup. Rclone will guide you through the configuration steps. You may need to download rclone on a host with a GUI to authenticate with some cloud providers. Rclone does not require installation, so that process is easier than it sounds.

Troubleshooting Rclone Creation

If you get the error "failed to create temp file for new config":

Check if BACKUP_RCLONE_CONF in .env is using the old location (/data/rclone.conf). If so, update .env with

sed -i 's|BACKUP_RCLONE_CONF=/data/rclone.conf|BACKUP_RCLONE_CONF=/data/rclone/rclone.conf|g' .env

and move rclone.conf:

mkdir -p bitwarden/rclone && sudo mv bitwarden/rclone.conf bitwarden/rclone/rclone.conf

If, after those troubleshooting steps, there is still an issue reading or writing the new rclone.conf location, consider checking the folder permissions. It's also possible to set up a symlink between the previous configuration location and the new configuration location. See [https://github.com/dadatuputi/bwgc_backup/issues/2] for more details or questions.

Testing Backup

Your backup should run at the next cron job. However, you may test it from the Google Cloud Shell with the following command, replacing <local|email|rclone> with the backup method you would like to test:

sudo docker exec -it backup ash /backup.sh <local|email|rclone>

Look at the log files if you run into issues, and ensure that the appropriate environment variables are set correctly.

To decrypt an encrypted backup (.aes256), first decrypt using openssl:

openssl enc -d -aes256 -salt -pbkdf2 -pass pass:<password> -in $FILE.tar.gz.aes256 -out $FILE.tar.gz
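The same decryption as a restore check, added here as an example (it is not part of the project's scripts): the passphrase is passed with openssl's -pass env: form so it does not appear in the process list or shell history, and the decrypted archive is checked for db.sqlite3 and an rsa_key* file. BACKUP_PASSPHRASE is a hypothetical variable name, and matching entries by basename is an assumption about the archive layout.

```shell
#!/bin/sh
# Added example, not part of the project. BACKUP_PASSPHRASE is a hypothetical
# variable name; matching archive entries by basename is an assumption.

# decrypt_backup <in.tar.gz.aes256> <out.tar.gz>
# Reads the passphrase from the environment (-pass env:) so it never appears
# in argv, where `ps` and shell history would expose it.
decrypt_backup() (
    [ -n "${BACKUP_PASSPHRASE:-}" ] || { echo "BACKUP_PASSPHRASE is not set" >&2; exit 2; }
    export BACKUP_PASSPHRASE   # subshell only: does not leak into the caller
    umask 077                  # the plaintext archive holds the vault DB and RSA keys
    # Same cipher and KDF flags as the wiki command; -salt only matters when encrypting.
    if ! openssl enc -d -aes256 -pbkdf2 -pass env:BACKUP_PASSPHRASE \
            -in "$1" -out "$2" 2>/dev/null; then
        rm -f "$2"; echo "decrypt failed (wrong passphrase or damaged file)" >&2; exit 1
    fi
    # openssl enc does not authenticate the ciphertext, so confirm the output
    # is a valid gzip stream before trusting it.
    if ! gzip -t "$2" 2>/dev/null; then
        rm -f "$2"; echo "decrypted output is not valid gzip" >&2; exit 1
    fi
)

# verify_backup <archive.tar.gz>
# Succeeds only if the archive lists db.sqlite3 and at least one rsa_key* file.
verify_backup() {
    listing=$(tar -tzf "$1" 2>/dev/null) || return 1
    has_db=0 has_key=0
    while IFS= read -r entry; do
        case "${entry##*/}" in
            db.sqlite3) has_db=1 ;;
            rsa_key*)   has_key=1 ;;
        esac
    done <<EOF
$listing
EOF
    [ "$has_db" -eq 1 ] || echo "missing: db.sqlite3" >&2
    [ "$has_key" -eq 1 ] || echo "missing: rsa_key*" >&2
    [ "$has_db" -eq 1 ] && [ "$has_key" -eq 1 ]
}
```

Run decrypt_backup first, then verify_backup on its output; delete the decrypted archive once the restore test is done.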