How to migrate your Bitwarden vaults from US to EU storage
When Bitwarden users sign-up for an account, they have the choice between storing their vault data on Bitwarden's US or EU servers. Many users of the password management service may not even realize that they have a choice in the matter.
Users who created an account already can't just switch to using a server in the other supported region. While it is possible to migrate data storage from one region to the other, it is not as easy as pushing a button in the vault settings, and requires backing up passwords.
Bitwarden: EU or US servers?
To find out if the vault is stored on EU or US servers, Bitwarden users may check the URL of the Bitwarden website:
- EU server: https://vault.bitwarden.eu/
- US server: https://vault.bitwarden.com/
New users should take note of the URL, or use the region selector on the sign-up page to make sure the server region is set correctly before continuing.
Migrating from US to EU servers, and vice versa
Bitwarden notes that its server regions are "distinct cloud environments", which means that they are separate entities. The service's zero-knowledge encryption support prevents the organization's support from migrating vaults for customers from one server region to another.
This leaves a manual process for moving vaults. Here is how that is done:
- Sign-in to the current Bitwarden account and export all Vaults.
- Open the main webpage of the new server region and create a new account, using the same email address as the current account.
- Import the vault into the new account.
This is all that free Bitwarden users have to do to switch server regions. Paying Bitwarden customers need to contact support so that they may resume their subscription in the new region.
Organizations may also use a migration script that helps them from data from one installation to another. Bitwarden has a support page here that explains the process. Manual migration would involve asking users to manually export and import their vaults into the new region.
Closing Words
Migrating from one Bitwarden server location to another is possible, but it requires creating a new account, importing vault data into the new account and contacting Bitwarden support to get the license migrated as well, if a commercial version of the password management service is used.
Now You: do you use Bitwarden? Which server region do you use?
There’s not only the hosting server but the transporter as well.
In my case (with a device located in France) Dnslytics resolves as :
[vault.bitwarden.eu] : 104.18.1.30
[vault.bitwarden.com] : 104.18.13.33
Both are Cloudflare servers, both located in the U.S.A.
From there on I linger to understand how my vaults would be encrypted in servers physically located in EU or in the States. I’d start to imagine a difference if both ips weren’t cousins, not to say brothers.
If your threat model includes “state-level actors attempting to compromise my encypted cloud-stored password vault”, you shouldn’t have your password vault in the cloud.
GDPR would be a big plus. Server in the EU mean EU laws apply, which makes Bitwarden a halfway legally acceptable option in many organizations
Indeed! And nowhere in the article was mentioned about any advantages/disadvantages of changing the regions.
For personal use it doesnt have any pro/cons. To some customers for the company I work for; its very important, that all their data are stored in EU.
@B. Romell/Oggy–
Not much to go on:
NS Lookup only provides two Cloudflare IP Addresses located in San Francisco:
173.245.59.105
173.245.58.211
More important–there aren’t any advantages to changing:
“Please note that the Bitwarden approach to data protection and encryption ensures that existing US data storage remains GDPR compliant.”
Additional:
“Teams and Enterprise organizations are eligible for a transfer of subscription to the recently launched EU cloud. Both cloud servers operate exactly the same, are protected by the same policies, and are upheld to the same security and compliance standards.”
“For Premium individuals and Families organizations, if time is remaining on your subscription, we recommend migrating at the end of your subscription period and launching a new account and subscription on the cloud of your choice.”
Presumably, moving to the EU Region will take one off MS Azure servers and make users feel more private/secure?
Old News:
Security Audit & Compliance
“Open source and third-party audited, Bitwarden complies with Privacy Shield, GDPR, CCPA regulations.”
Possible explanation: Users were dumping Bitwarden for Vaultwarden [self-hosted] because they wanted storage in EU data centers which were not available unless they set up their own server. It’s a bit odd since one can self-host Bitwarden as well.
Bitwarden seems rather quiet about geolocation of EU servers:
https://bitwarden.com/help/server-geographies/
Oh well, I’m fine with US for now.
Does anyone know in which country in Europe Bitwarden’s servers are located?
The service’s zero-knowledge encryption support prevents the organization’s support from migrating vaults for customers from one server region to another – Making this action redundant !