This is a shell script to backup your bitwarden vault onto a cloud server & a local encrypted storage with encryption.
This script also creates different versions everytime and keeps the old one as well and it will shred the .csv file and the container at the end as well. You will need some additional setup to do this securely.This script requires bitwarden-cli & direnv installed on your system. To install bitwarden-cli & direnv refer to Bitwarden CLI Installation Guide & Direnv Installation Guide respectively
- We will create a separate partition which will be password protected. We will use LUKS to achieve this. This guide will help you in doing so
- Once created create a .txt file inside this encrypted partition and keep it hidden by putting a .(dot) before the filename.
- You will need to type the following inside it:
export BITPASS="Your bitwarden vault password"export ZIPASS="The password of the file you want to keep"
These are environment variables that are needed to be set prior to the running of the script. We are using a zip file encryption to encrypt the .csv file which will be exported at the time of creating backup.
-
There is one final setup that is setting up direnv
This will enable direnv to read environment variables from the files you want it to. Direnv is kind of like setting a local environment variable that only works in a certain foldereval "$(direnv hook zsh)" -
Now create a
.envrcfile where you have stored the scriptexport DEVICEPASSWORD="Your encrypted drive password" -
Enter the the command
direnv allow "The path of .envrc file" -
You will need a cloud storage mounted on your system. I use onedriver for this purpose but you can use anything else if you want. You can use Rclone if you want to use Google Drive
You are now all set with the prerequisites, make sure you are logged in your bitwarden vault through cli
- Download the script
- Give permissions
sudo chmod +x ./bwbackup.sh - Run the script
./bwbackup.sh - Enter the sudo password
- The backup will be created