Previously, I made my first GitHub Action backup script, which you can read about in a previous post, and it was a success from my point of view. I had these critical goals in mind for such a script:

  • almost maintenance free
  • securely stored credentials
  • automatic
  • basically free

It is maintenance free, as it requires no updates, for instance, because GitHub maintains the architecture. The credentials are not accessible directly from the GitHub UI, so it also basically meets the security goal. It runs automatically on a cron schedule, so I do not think about it. GitHub offers a lot of GitHub Actions minutes per month for free and I do not use all of them, not in the slightest so far.

But of course, there are downsides too. The unexpected maintenance comes from Dependabot mails that remind me weekly to update vulnerable packages in this public repo. The security is also not absolute: the script itself can of course read the stored credentials, and a determined attacker could extract them via this vector; however, the probability is small. Overall, I am satisfied with this setup. The only thing is that the learning curve for GitHub Actions was far, far steeper than I ever thought it would be.

Bitwarden Backup

As a next step, I made a fully working GitHub Action for backing up a Bitwarden Vault. It also wasn't without its challenges; rather the other way around. It was full of challenges, both in terms of climbing the learning curve of GitHub Actions and understanding how the Bitwarden CLI works. One of the largest limitations that I found was the fact that the Bitwarden Family plan offers an Organization but without an API key.

Such a limitation means no automated backups for organizations, unless you drop the 2FA or other MFA for your primary account, which is not currently an acceptable option for me.

The result can be observed and tinkered with in the public repository. Again, I am not going to explain all the details here, but I am sharing it in case someone finds such a solution useful. Feel free to tinker. Enjoy!