Error when trying to export unencrypted organization vault via web interface #1049

Closed
opened 2025-10-09 17:02:13 +03:00 by OVERLORD · 5 comments
Owner

Originally created by @f1d094 on GitHub.

Subject of the issue

Plaintext export of personal vault data works as expected. It is also possible to create an encrypted_json export of organization data. Plaintext exports of Organization vaults fail for both .csv and .json.

Encrypted exports are not useful for disaster recovery, where it is entirely possible the encryption key may be lost, preventing re-import of an encrypted .json file.

Unencrypted exports are essential for proper backups.

Deployment environment

Your environment (Generated via diagnostics page)

  • Vaultwarden version: v1.25.2-9c891baa
  • Web-vault version: v2022.9.0
  • Running within Docker: true (Base: Debian)
  • Environment settings overridden: false
  • Uses a reverse proxy: true
  • IP Header check: true (X-Forwarded-For)
  • Internet access: true
  • Internet access via a proxy: false
  • DNS Check: true
  • Time Check: true
  • Domain Configuration Check: true
  • HTTPS Check: true
  • Database type: SQLite
  • Database version: 3.35.4
  • Clients used:
  • Reverse proxy and version:
  • Other relevant information:

Config (Generated via diagnostics page)

Environment settings which are overridden:

{
  "_duo_akey": null,
  "_enable_duo": false,
  "_enable_email_2fa": true,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_max_conns": 10,
  "database_timeout": 30,
  "database_url": "****/**.*******",
  "db_connection_retries": 15,
  "disable_2fa_remember": true,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://******.******.**:*****",
  "domain_origin": "*****://******.******.**:*****",
  "domain_path": "",
  "domain_set": true,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 5 * * * *",
  "emergency_request_timeout_schedule": "0 5 * * * *",
  "enable_db_wal": true,
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "invitation_org_name": "Vaultwarden",
  "invitations_allowed": true,
  "ip_header": "X-Forwarded-For",
  "job_poll_interval_ms": 30000,
  "log_file": "/data/logfile",
  "log_level": "Info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "*****@******.****",
  "password_hints_allowed": true,
  "password_iterations": 100000,
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": false,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_explicit_tls": null,
  "smtp_from": "***********@******.**",
  "smtp_from_name": "Vaultwarden",
  "smtp_host": "***.**.**.**",
  "smtp_password": "***",
  "smtp_port": 1025,
  "smtp_security": "off",
  "smtp_ssl": null,
  "smtp_timeout": 15,
  "smtp_username": "*******",
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_syslog": false,
  "user_attachment_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "websocket_address": "0.0.0.0",
  "websocket_enabled": false,
  "websocket_port": 3012,
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}
  • Install method: Docker Image

Steps to reproduce

After logging in as the Organization owner, then Organizations -> MyOrganization -> Tools -> Export Vault

Expected behaviour

Unencrypted .json file with organization vault data

Actual behaviour

Selecting File Format "Encrypted .json" and entering Master Password returns encrypted .json file.
Selecting ".json" or ".csv" produces "An unexpected error has occured" in the GUI

Troubleshooting data

With extended logging enabled and LOG_LEVEL=info, the following appears in the log

[2022-09-23 22:14:29.602][request][INFO] GET /api/organizations/********-****-****-************/export
[2022-09-23 22:14:29.603][_][WARN] Response was `None`.
[2022-09-23 22:14:29.603][_][WARN] No 404 catcher registered. Using Rocket default.
[2022-09-23 22:14:29.603][response][INFO] (web_files) GET /<p..> [10] => 404 Not Found

Setting LOG_LEVEL=debug and trying again produces identical output in the log.

Trying to do export with bw cli results in same issues as #2760
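Added example, not part of the original issue and not Vaultwarden code: a small parser for the log layout quoted above that flags `/api/` requests answered with a 404 by the `web_files` static handler, which is the signature of an API route the server does not serve. It assumes each `response` line follows its `request` line without interleaving; the function and variable names are hypothetical.

```python
import re

# The first four lines are the excerpt quoted in the issue (org id redacted as
# on the page); the remaining lines are constructed for contrast.
SAMPLE_LOG = """\
[2022-09-23 22:14:29.602][request][INFO] GET /api/organizations/********-****-****-************/export
[2022-09-23 22:14:29.603][_][WARN] Response was `None`.
[2022-09-23 22:14:29.603][_][WARN] No 404 catcher registered. Using Rocket default.
[2022-09-23 22:14:29.603][response][INFO] (web_files) GET /<p..> [10] => 404 Not Found
[2022-09-23 22:14:31.120][request][INFO] GET /api/sync
[2022-09-23 22:14:31.150][response][INFO] (sync) GET /api/sync => 200 OK
[2022-09-23 22:14:32.000][request][INFO] GET /favicon.png
[2022-09-23 22:14:32.001][response][INFO] (web_files) GET /<p..> [10] => 404 Not Found
"""

# Line layout "[timestamp][target][LEVEL] message", as in the quoted excerpt.
LINE = re.compile(r"^\[(?P<ts>[^\]]+)\]\[(?P<target>[^\]]+)\]\[(?P<level>[A-Z]+)\] (?P<msg>.*)$")
REQUEST = re.compile(r"^(?P<method>[A-Z]+) (?P<path>\S+)")
RESPONSE = re.compile(r"^\((?P<route>\w+)\) .* => (?P<status>\d{3}) ")


def unhandled_api_requests(log_text, fallback_route="web_files"):
    """Return (timestamp, method, path) for /api/ requests that were answered
    with a 404 by the static-file route, i.e. no API route matched them."""
    findings, pending = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip lines that are not in the expected layout
        if m["target"] == "request":
            req = REQUEST.match(m["msg"])
            pending = (m["ts"], req["method"], req["path"]) if req else None
        elif m["target"] == "response" and pending:
            resp = RESPONSE.match(m["msg"])
            if (resp and resp["route"] == fallback_route
                    and resp["status"] == "404"
                    and pending[2].startswith("/api/")):
                findings.append(pending)
            pending = None  # a response closes the open request
    return findings


if __name__ == "__main__":
    for ts, method, path in unhandled_api_requests(SAMPLE_LOG):
        print(f"{ts} {method} {path}: no API route matched (static handler 404)")
```
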

Author
Owner

@BlackDex commented on GitHub:

Yes it is the same. It's the exact same endpoint (and I changed the title).
And bug or enhancement sometimes are synonyms 😉

Author
Owner

@f1d094 commented on GitHub:

What is the last known-good version if I wanted to roll back? This was my first effort with bitwarden/vaultwarden

Author
Owner

@BlackDex commented on GitHub:

Duplicate of #2760

Author
Owner

@BlackDex commented on GitHub:

I would suggest to use the `latest` tagged images instead of `testing`
Author
Owner

@f1d094 commented on GitHub:

Is this the same? #2760 only speaks to cli. I am unable to create backups via GUI. This should be a bug, not an enhancement, no?

Reference: starred/vaultwarden#1049