by hypeatei 33 days ago
You should be doing regular exports/backups of your vault regardless of how it's hosted. Bitwarden could go belly up tomorrow and lose all their stored vault data.

Easier said than done. If done manually you will eventually forget, and to automate it you have to wrap a call to the Bitwarden CLI, which, as we've seen, already suffered a supply chain breach: https://news.ycombinator.com/item?id=47876043

The API for managing secrets automatically is gated behind `bitwarden-cli serve`, which surprises me: I can't call the API directly using urllib or requests. I have to go through the bitwarden-cli.

I've been using Bitwarden for a while, but your comment prompted me to investigate how I could back up my secrets, and this is a surprise. I am considering moving to my own infrastructure, because I dread having to depend on this tool to automate regular backups for me. Better to do that at the service layer. The problem is just how to expose it. There is always Tailscale, but that's just shifting the problem around.

To me, it's not that complicated. The point of a vault backup is to not leave you completely hosed, even if it means some new entries didn't make it in. You don't really need to automate anything: set a calendar reminder every few months if you're prone to forgetting, and log in to do an export.

Automating this definitely seems like a bad idea, but it depends on where you're putting the backup. I put mine into encrypted, offline storage, and that's not something I want to keep connected all the time for a cron job. That, and you're dealing with more moving pieces (a CLI with vulns, like you mentioned) and automating access to your vault.

I disagree, because life is more complicated than just your password manager, so you are not just adding a reminder to back up your vault; it's another thing you need to remember. That might work for you, and that's OK, but for me it's a liability.