Security

Server Geographies

The Bitwarden cloud is available globally with data storage in both United States and European Union regions. The practices used by Bitwarden for securing your sensitive data are the same, regardless of which server region you use. Learn more about how Bitwarden secures your data.

Choose your cloud server

To choose which Bitwarden server geography to create your account or organization on, select the Server or Logging in on: dropdown on the login or registration screen and select your desired region, for example in the web app:

Region selector
Region selector

Bitwarden data regions are separate, and your account or organization only exists in the region where it was first created.

Connect your self-hosted server

Self-hosting a Bitwarden organization or individual premium plan requires first starting a subscription on a cloud server and subsequently uploading a license file to your self-hosted instance. If you create your subscription on an EU server, add the following environment variables to your server's ./bwdata/env/global.override.env file to ensure you're communicating with the correct server:

Bash
globalSettings__baseServiceUri__cloudRegion=EU globalSettings__installation__identityUri=https://identity.bitwarden.eu globalSettings__installation__apiUri=https://api.bitwarden.eu globalSettings__pushRelayBaseUri=https://push.bitwarden.eu
note

The value for globalSettings__baseServiceUri__cloudRegion must match the data region that was selected when retrieving your Installation ID & Key.

Migrate to another cloud

To migrate from one Bitwarden cloud server to another, for example, from a US server to an EU server:

  1. Export your organization vault and instruct all organization members to export their individual vaults.

    tip

    Individually download any file attachments for vault items and note which items they belong to.

  2. Create a new Bitwarden account in the desired region and start a trial organization. Bitwarden support will be able to migrate your subscription to the new region (see Step 4).

  3. Set up your new organization, configuring things like enterprise policies, login with SSO, constructing group-collection relationships, and inviting users with Directory Connector or SCIM. For help, refer to the Proof-of-Concept Checklist.

  4. Contact Bitwarden support to move your new organization off of trial and resume your subscription in your new region.

  5. Import your organization vault data obtained in Step 1, and instruct organization members to import their individual vaults as well.

Migration FAQs

Q: Do I need to migrate?

A: Migrating regions is not required. The region selector allows organizations to specify the geographic location of vault data. Features and functions are identical across regions.

Q: Is there a process for migrating?

A: Bitwarden regions are distinct cloud environments. Bitwarden cannot migrate accounts from one region to another for customers. A script is available for organizations to help facilitate migrations. Subscriptions can be transferred from one region to another region by contacting us.

Q: Can an account created in one server geography join an organization in another server geography?

A: No, vault data and user data are completely separate between server geographies. If a user is on a different server than an organization, the user cannot access or interact with that organization. This separation includes organizations that have migrated and are no longer on the same cloud server as the organization members.

Q: What does the migration script do?

A: The script works with the Bitwarden CLI to move data from one installation to another. Instructions are available in this article. This script migrates all organization vault data, including attachments, as well as member roles (excluding the custom role), and collections permissions assigned both to members and groups. The script also automatically recreates your groups in the new organization if you’re not using directory integration for automatic provisioning. Note that this does not include the migration of individual user vaults.

Q: What does a manual migration look like?

A: A complete manual migration involves creating a new account in the preferred region and beginning the new organization creation process. Once the new organization is configured, re-invite users, and then export vault data from your old organization and import into the new one. Users will need to manually export/import their individual vaults.

Q: What happens to my sponsored families plan if we migrate our enterprise plan?

A: Complimentary families plan for enterprise employees must be based in the same region as the sponsoring plan. If your enterprise plan migrates to another region, it will end your families plan sponsorship. You will need to migrate your families plan and then sponsor the new plan following the steps in the Redeem Families Sponsorship article.

Suggest changes to this page

How can we improve this page for you?
For technical, billing, and product questions, please contact support

Cloud Status

Check status

Level up your cybersecurity knowledge.

Subscribe to the newsletter.


© 2024 Bitwarden, Inc. Terms Privacy Cookie Settings Sitemap

This site is available in English.
Go to EnglishStay Here