Storage | Bitwarden Help Center (2024)

Table of Contents
On Bitwarden servers On your local machine Suggest changes to this page FAQs

Security

This articles describes where Bitwarden stores your vault data and administrative data.

Bitwarden always encrypts and/or hashes your data on your local device before anything is sent to cloud servers for storage. Bitwarden servers are only used for storing encrypted data. For more information, see Encryption.

Some encrypted data, including a user's protected symmetric key and master password hash, are also transparently encrypted at rest by the application, meaning they're encrypted and decrypted again as they flow in and out of the Bitwarden database.

Bitwarden additionally uses Azure transparent data encryption (TDE) to protect against the threat of malicious offline activity by performing real-time encryption and decryption of the database, associated backups, and transaction log files at rest.

On Bitwarden servers

Bitwarden processes and stores all vault data securely in the Microsoft Azure Cloud in the US or EU using services that are managed by the team at Microsoft. Since Bitwarden only uses service offerings provided by Azure, there is no server infrastructure to manage and maintain. All uptime, scalability, security updates, and guarantees are backed by Microsoft and their cloud infrastructure. Review the Microsoft Azure Compliance Offerings documentation for more detail.

Bitwarden maintains point-in-time restore (PITR) policies for disaster recovery. The functionality leveraged by Bitwarden for this purpose does not involve creating or storing a BACPAC or otherwise moveable backup file, but instead allows for disaster recovery by reverse-processing transactional logs to make the database consistent with a selected point-in-time (see Microsoft’s documentation). Bitwarden has configured a strict 7-day retention policy for PITR and a policy of no long-term retention. This functionality is for disaster recovery purposes only, users and organizations are responsible for creating and securely storing backups of their own vault data. Blob-stored data, specifically attachments and Send files, are not subject to PITR functionality and are irrecoverable once deleted from Bitwarden.

Don't trust Bitwarden servers? You don't have to. Open source is beautiful. You can easily host the entire Bitwarden stack yourself. You control your data. Learn more here.

On your local machine

Data that is stored on your computer/device is encrypted and only decrypted when you unlock your vault. Decrypted data is stored in memory only and is never written to persistent storage. Encrypted data is stored in the following locations at rest:

Desktop app

tip

You can override the storage location for your Bitwarden desktop app data by setting the BITWARDEN_APPDATA_DIR environment variable to an absolute path.

Browser extension

  • Windows

    • Chrome: %LocalAppData%\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb

    • Firefox: %AppData%\Mozilla\Firefox\Profiles\your_profile\storage\default\moz-extension+++[UUID]^userContextId=[integer]

    • Opera: %AppData%\Opera Software\Opera Stable\Local Extension Settings\ccnckbpmaceehanjmeomladnmlffdjgn

    • Vivaldi: %LocalAppData%\Vivaldi\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb

    • Brave: %LocalAppData%\BraveSoftware\Brave-browser\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb

    • Edge: %LocalAppData%\Microsoft\Edge\User Data\Default\Local Extension Settings\jbkfoedolllekgbhcbcoahefnbanhhlh

  • macOS

    See Also
    Google-discovered vulnerability in Bitwarden

    • Chrome: ~/Library/Application Support/Google/Chrome/Default/Local Extension Settings/nngceckbapebfimnlniiiahkandclblb

    • Firefox: ~/Library/Application Support/Firefox/Profiles/your_profile/storage/default/moz-extension+++[UUID]^userContextID=[integer]

    • Safari: ~/Library/Safari/Databases

    • Edge: ~/Library/Application Support/Microsoft Edge/Default/Local Extension Settings/jbkfoedolllekgbhcbcoahefnbanhhlh

  • Linux

    • Chrome: ~/.config/google-chrome/Default/Local Extension Settings/nngceckbapebfimnlniiiahkandclblb

    • Firefox: ~/.mozilla/firefox/your_profile/storage/default/moz-extension+++[UUID]^userContextID=[integer]

    • Edge: ~/.config/microsoft-edge/Default/Local Extension Settings/jbkfoedolllekgbhcbcoahefnbanhhlh

note

To enhance security, Firefox uses universally unique identifiers (UUIDs) within extension storage folder names. In the address bar, navigate to about:debugging#/runtime/this-firefox to locate your Bitwarden extension UUID. Replace [UUID] with that value.

Firefox also allows users to customize where to store their profiles (and thus local Bitwarden extension data). The location specified above is the default.

Mobile

  • iOS: app group for group.com.8bit.bitwarden

  • Android: /data/data/com.x8bit.bitwarden/

Web

  • Chrome: Menu → More Tools → Developer Tools, then select the Application Local storage.

  • Safari: Develop → Show Web Inspector → Storage → Local Storage.

  • Firefox: Menu → More tools → Web Developer Tools → Storage → Local Storage.

  • Edge: Menu → More tools → Developer tools → Application → Local storage.

  • Opera:

    • Windows: Menu → Developer → Developer Tools → Application → Local storage.

    • MacOS: Developer → Developer Tools → Application → Local storage.

CLI

  • Windows: %AppData%\Bitwarden CLI

  • macOS: ~/Library/Application Support/Bitwarden CLI

  • Linux: ~/.config/Bitwarden CLI

tip

You can override the storage location for your Bitwarden CLI app data by setting the BITWARDENCLI_APPDATA_DIR environment variable to an absolute path.

Suggest changes to this page

How can we improve this page for you?
For technical, billing, and product questions, please contact support

Storage | Bitwarden Help Center (2024)

FAQs

Is Bitwarden safe from hackers? ›

Your data is fully encrypted and/or hashed before ever leaving your local device, so no one from the Bitwarden team can ever see, read, or reverse engineer to get to your real data. Bitwarden servers only store encrypted and hashed data. For more information about how your data is encrypted, see Encryption.

Read On
Where is the Bitwarden encryption key stored? ›

But an encrypted form of the account key is stored alongside your encrypted vault data (in the cloud database, and in the local vault cache); the key that allows your to decipher the encrypted account key is derived from your master password.

Discover More Details
What is the drawback of Bitwarden? ›

Bitwarden Form Filling

Two shortcomings, though, make Bitwarden a less competitive option: Step 1.It does not have a vault template for addresses. While you can store addresses via a custom vault entry, they will not work with autofill. This is a major roadblock regarding filling shipping and billing information.

Continue Reading
What happens if I lose access to Bitwarden? ›

If you don't have your recovery code saved somewhere outside of your vault, there is unfortunately no way for the team to recover the account or data therein. You will need to delete your account and start a new one.

See Details
What is the Bitwarden controversy? ›

Despite its generally strong encryption mechanisms, Bitwarden has faced criticism for the number of hash iterations used to secure user passwords.

Find Out More
What is the Bitwarden security flaw? ›

Bitwarden flaw can let hackers steal passwords using iframes

Bitwarden's credentials autofill feature contains a risky behavior that could allow malicious iframes embedded in trusted websites to steal people's credentials and send them to an attacker.

Tell Me More
Which country is Bitwarden from? ›

Yes. Bitwarden is a corporation headquartered in Santa Barbara, California with employees located in the U.S. and around the world.

Show Me More
Does Bitwarden automatically save passwords? ›

Bitwarden browser extensions provide a set of keyboard shortcuts (also known as hot keys) to autofill login information. If your vault is locked when you attempt this, a window will open prompting you to unlock. Once unlocked, the browser extension will automatically proceed with autofilling your credentials.

Explore More
Is everything in Bitwarden encrypted? ›

Bitwarden always encrypts and/or hashes your data on your local device before anything is sent to cloud servers for storage. Bitwarden servers are only used for storing encrypted data. For more information, see Storage.

Continue Reading
Why not use Bitwarden? ›

Bitwarden's paid plans offer all essential security features including password generator, auto-fill, 2FA, and many more. However, Bitwarden also has some weak areas that need improvement, like a flawed auto-filling feature, no auto-backups, or limited storage.

Show Me More

Which is better, 1Password or Bitwarden? ›

1Password is better if you need an easy-to-use option with monitoring, large document storage limits and travel capabilities. Bitwarden is better if you're looking for an open-source option with free and lower-priced tiers.

Read The Full Story
Which is better, KeePass or Bitwarden? ›

Both KeePass and Bitwarden have all essential features, such as password generator and password storage. However, Bitwarden offers additional essential features for daily use, such as password sharing, autofilling, and account recovery method, making Bitwarden a winner in this category.

See Details
Can I use Bitwarden without Internet? ›

Most functions of Bitwarden are accessible in offline mode, however you won't be able to make edits to or add vault items, attachments, or sends or import new vault items.

Get More Info Here
How do I get rid of Bitwarden? ›

Delete a personal account

Open https://vault.bitwarden.com/#/recover-delete (or https://vault.bitwarden.eu/#/recover-delete) in a web browser. Enter the Email Address associated with the account to issue a deletion confirmation email. In your inbox, open the email and verify you want to delete this Bitwarden account.

Continue Reading
Is Bitwarden the safest password manager? ›

The most trusted password manager. Bitwarden is the best password manager for securely storing, managing, and sharing sensitive online data such as passwords, passkeys, and credit cards.

View More
Has Bitwarden been breached? ›

Before considering Bitwarden as your go-to password manager in 2024, here are the main things you should know. Security. Bitwarden includes all the essential security features to ensure customers are well-protected against breaches and other online threats. It has never had any security breaches.

View Details
Is Bitwarden as vulnerable as LastPass? ›

While Bitwarden and LastPass both make honest efforts to protect user data, Bitwarden's security measures far outrank those of LastPass. For one, Bitwarden defaults to 600,001 password iterations, which refers to the number of times a password is hashed to keep it secure.

See More
What password manager has never been hacked? ›

Keeper Password Manager is safe to use. According to Keeper's website, it's never been hacked or breached. Because it uses the zero-trust, zero-knowledge system, it makes it a more secure product. All encryption and decryption happen on your device when you log in to the vault.

Learn More
Can Bitwarden be brute forced? ›

This is however not entirely true: only the device-local encrypted vault data needs to be accessed. If accessing device-local data is outside of the threat model, why are we encrypting these data at all? We might as well store them in plain text.

Discover More Details
Top Articles
The collapse of ETH is inevitable | TechCrunch
Home - Finance Over Fifty
Payyourtix Turner
Pinellas Fire Active Calls
Kelbi Horn
Stretch limos were the ultimate status symbol. Now they're going for cheap on Craigslist.
One Barred From Bars Daily Themed Crossword
Why Do You Want A Dog?
Stellaris Piracy Suppression
Loss Payee And Lienholder Addresses And Contact Information Updated Daily Free List Bank Of America
Beacon Schneider La Porte
M&M Imports Fontana
Magicseaweed Capitola
Pokemon Fire Red Cheats
PG&E Outage Center - View Outage Map
Espn Expert Picks Nfl Week 6
Daves Supermarket Weekly Ad
Burley Id Recent Bookings
Jasper William Oliver Cable Alexander
Union Corners Obgyn
Streameast Mlb Playoffs
Brazos County Mugshots Busted Newspaper
Lagrange Tn Police Officer
Vera Life Dispensary Pottstown
Munis Self Service Cumberland County
Couponsky Net
Eulogy Zero Ror2
Weilers Gentle Giants
Dit zijn de 14 beste restaurants van Amsterdam
Quincy Herald-Whig Obituaries Past 3 Days
Fredericksburg Free Lance Star Obituaries
Crunchy Bits In Some Fudge Crossword
Elastique Athletics Promo Code
Omniplex Cinema Dublin - Rathmines | Cinema Listings
Eastway Wrecker Auction List
Ups Location Near Me Drop Off
Different Types of Conditional Sentences in English: Definition and Examples | Proofreading
Stellaris Leader Cap
Ilsos.gove
Susan Miller Libra 2023 Predictions
8774141128
Www.gex-App-Ch
M3Gan Showtimes Near Ipic Hudson Lights
Plumfund on CabinetM
Craigslist Apartments In Philly
Dr Ayad Alsaadi
Survival Hunter Pets Guide - The War Within (Season 1)
Savage Funniest Texts Drunk
Streetsboro Discussion Board
66 Ez Basketball Stars
Latest Posts
First ETF zero-day options ETF launches in the US
The Top 7 ETFs for Day Trading
Article information

Author: Kieth Sipes

Last Updated:

Views: 5780

Rating: 4.7 / 5 (67 voted)

Reviews: 82% of readers found this page helpful

Author information

Name: Kieth Sipes

Birthday: 2001-04-14

Address: Suite 492 62479 Champlin Loop, South Catrice, MS 57271

Phone: +9663362133320

Job: District Sales Analyst

Hobby: Digital arts, Dance, Ghost hunting, Worldbuilding, Kayaking, Table tennis, 3D printing

Introduction: My name is Kieth Sipes, I am a zany, rich, courageous, powerful, faithful, jolly, excited person who loves writing and wants to share my knowledge and understanding with you.