Account encryption keys stored in data folder?

[EchoDev]

Today I wanted to backup my vault from the bitwarden extension and I noticed the warning before exporting my (encrypted) vault.

Rotating your account's encryption key will render an encrypted export impossible to decrypt. If you rotate your account encryption key, replace any old files with new one that use the new encryption key.

Account encryption keys are unique to each Bitwarden user account, so you won't be able to import an encrypted export into a different account.

This made me wonder, what if my server ever crashes?

If I have a single backup of the data folder on my server (re-encrypted, compressed and backed up to a private cloud space), will I always be able to import a (more recent) ** encrypted vault export**? The backup of the data folder should automatically always have the account key included right so it should always be able to read encrypted vault exports...right?

Am I overlooking something?

[BlackDex]

The keys are stored within the database. If you have a backup of your database you have all ciphers encrypted and well already. So basically no need for encrypted exports, unless you want to store them for a long long time.

So, if you are using SQLite as your database, then having a backup of your data folder should be more then enough. Else you need to make sure you have a backup of your database also.

[EchoDev]

Thanks for the answer.

I'm indeed using SQLite as my database.

I use the encrypted exports function to make a quick backup without logging in to my system. It's a bit quicker for me :D