91 lines
3.0 KiB
Markdown
91 lines
3.0 KiB
Markdown
# bitwarden-to-keepass
|
|
Export (most of) your Bitwarden items into a KeePass database.
|
|
|
|
## Fork information
|
|
|
|
This repository is a fork of [davidnemec/bitwarden-to-keepass](https://github.com/davidnemec/bitwarden-to-keepass).
|
|
|
|
They did all of the work, I just added the custom URL functionality and created a Docker repository. All props to [davidnemec](https://github.com/davidnemec/)!
|
|
|
|
## How it works?
|
|
It uses the official [bitwarden-cli](https://bitwarden.com/help/article/cli/) client to export your items from the Bitwarden vault and move them into your KeePass database - that includes logins (with TOTP seeds, URIs, custom fields, attachments, notes) and secure notes.
|
|
|
|
## Usage
|
|
|
|
### Environment variables available
|
|
|
|
- `DATABASE_PASSWORD` (required): The password you want your KeePass file to have.
|
|
- `DATABASE_NAME` (optional): The name you want your KeePass file to have. If not set, it will default to `bitwarden.kdbx`.
|
|
- `BITWARDEN_URL` (optional): A custom Bitwarden/Vaultwarden instance. If you are using the official https://bitwarden.com, you can leave this blank.
|
|
|
|
### Backup location
|
|
|
|
All backups will be written to `/exports`. You need to mount that volume locally in order to retrieve the backup file.
|
|
|
|
### Docker command
|
|
|
|
In your terminal, run:
|
|
|
|
```sh
|
|
$ docker run --rm -it \
|
|
-e DATABASE_PASSWORD=123 \
|
|
-e DATABASE_NAME="my-cool-bitwarden-backup.kdbx" \
|
|
-e BITWARDEN_URL=http://your.bitwarden.instance.com \
|
|
-v ./exports:/exports \
|
|
rogsme/bitwarden-to-keepass
|
|
```
|
|
|
|
**The `--rm --it` is important!** Why?
|
|
- `--rm`: The Docker container will delete itself after it runs. This ensures no config leaking.
|
|
- `-it`: The script will ask for your credentials, so Docker has to run interactively.
|
|
|
|
First, the script will ask for your username:
|
|
|
|
``` sh
|
|
$ Email address: your@email.com
|
|
```
|
|
|
|
Then, your master password. The input is hidden, so it won't be visible on your terminal:
|
|
|
|
``` sh
|
|
$ Master password: [input is hidden]
|
|
```
|
|
|
|
Finally, if you have 2FA enabled, it will ask for your 2FA code:
|
|
|
|
``` sh
|
|
$ Two-step login code: 123456
|
|
```
|
|
|
|
And it'll start converting your passwords into KeePass! You'll see something similar to this:
|
|
|
|
``` sh
|
|
Generating KeePass file /exports/my-cool-bitwarden-backup.kdbx
|
|
2024-02-20 15:12:54 :: INFO :: KeePass database does not exist, creating a new one.
|
|
2024-02-20 15:13:20 :: INFO :: Folders done (1).
|
|
2024-02-20 15:13:36 :: INFO :: Starting to process 999 items.
|
|
2024-02-20 15:13:36 :: INFO :: Saving changes to KeePass database.
|
|
2024-02-20 15:13:43 :: INFO :: Export completed.
|
|
```
|
|
|
|
In the end, the script will lock your vault and log out of your account:
|
|
|
|
``` sh
|
|
Your vault is locked.
|
|
KeePass file /exports/my-cool-bitwarden-backup.kdbx generated successfully
|
|
You have logged out.
|
|
```
|
|
|
|
And you can find your file in your mounted directory!
|
|
|
|
``` sh
|
|
$ ls exports
|
|
my-cool-bitwarden-backup.kdbx
|
|
```
|
|
|
|
## FAQ
|
|
|
|
- Why can't I keep my session open?
|
|
|
|
Basically, for security reasons. I prefer the Docker container to ask for my credentials each time and not save them.
|