Open-Source Wikis

/

Bitwarden Server

/

Features

/

Imports & exports

bitwarden/server

Imports & exports

Active contributors: tools team.

Purpose

Importing from another password manager (1Password, LastPass, Dashlane, KeePass, browser exports, CSV…) is one of the most common onboarding paths. Exporting your vault is also part of the privacy promise. Both flows live under src/Core/Tools/ImportFeatures/ and src/Api/Tools/Controllers/ImportCiphersController.cs.

The vast majority of import logic happens client-side — the client parses the third-party format, builds Bitwarden-shaped ciphers and folders, encrypts them with the user key, and submits them. The server's job is to validate, persist, and trigger the appropriate downstream events.

Where the code lives

Concern Path
Domain src/Core/Tools/ImportFeatures/
API src/Api/Tools/Controllers/ImportCiphersController.cs, ImportPersonalCiphersController.cs, etc.
Service registration services.AddImportServices(...) from src/Core/Tools/ImportFeatures/ImportFeaturesServiceCollectionExtensions.cs
Schema None new — imports write to existing Cipher, Folder, Collection, CollectionCipher tables.

Key abstractions

Type Description
IImportCiphersCommand Single command interface; one implementation per import target (personal vs. org).
ImportCiphersRequestModel The bulk-create payload: array of folders + array of ciphers + array of folder-cipher links.
ImportOrganizationUsersCommand Bulk import of organization members from a CSV.

How it works

sequenceDiagram
    participant Client
    participant Api
    participant Cmd as IImportCiphersCommand
    participant Db
    participant Push

    Client->>Client: parse 3rd-party export
    Client->>Client: encrypt all ciphers / folders client-side
    Client->>Api: POST /ciphers/import (bulk payload)
    Api->>Cmd: validate counts vs. plan limits
    Cmd->>Db: bulk-insert via Cipher_CreateMany sprocs
    Cmd->>Push: PushSyncCiphers
    Api-->>Client: 200 ok

The bulk-create stored procedures (Cipher_CreateMany, Folder_CreateMany, CollectionCipher_CreateMany) keep the server-side step bounded; the client typically batches large imports into ~100-cipher chunks.

Plan limits

  • Free / Premium personal vaults have generous-but-not-unlimited cipher counts.
  • Org imports are gated by the org's seat / cipher allotment.
  • Attachments are not part of imports — they must be re-uploaded once the cipher exists.

Exports

Exports are fully client-side. The server endpoints that exist (e.g. POST /accounts/api-key) exist only to generate API keys for tools that wrap export.

Audit events

Every successful import logs Cipher_Imported events and Cipher_Created events for each row. Mass-import is one of the highest-volume audit-event sources.

Entry points for modification

  • Tighten import validation → IImportCiphersCommand implementations.
  • Bulk import optimisation → ensure the relevant Create_Many sproc exists and the EF equivalent uses BulkExtensions rather than per-row Add.
  • New client-side parser → no server change required; the parser ships with the client.
  • Org-member import format change → ImportOrganizationUsersCommand and the OrganizationUsersController.PostImport endpoint.

Built by Factory AutoWiki from public repository content. It is a generated preview for codebase exploration, not source-maintained documentation.

Imports & exports – Bitwarden Server wiki | Factory