A step-by-step guide to moving your entire vault without losing custom fields, TOTP codes, or your sanity.
If you’ve been a long-time 1Password user and you’re ready to move to Apple’s built-in Passwords app, you’ve probably already hit the wall: Apple Passwords only accepts 6 fields — Title, URL, Username, Password, Notes, and OTPAuth. That’s it.
Meanwhile, your 1Password vault has years of carefully organized data — custom sections, recovery codes, security questions, multiple URLs per login, credit card details, software license keys, and more. A naive export-and-import will silently drop all of that.
I built an open-source, fully offline Python script that handles the complete migration without losing a single field. Here’s exactly how to use it.
What You’ll Lose (Without This Tool)
When you export from 1Password and import into Apple Passwords directly, here’s what gets dropped:
- Custom section fields — recovery codes, security questions, API keys, PINs
- Multiple URLs — alternate login pages, account management URLs
- Credit card details — card numbers, expiry dates, CVVs (Apple Passwords doesn’t store cards — that’s Apple Wallet’s job)
- Software license keys — serial numbers, purchase info, download links
- TOTP secrets stored in custom fields — some 1Password items store OTP in non-standard locations
- File attachments — license files, PDFs, documents stored inside 1Password items
- Tags and metadata — categories, creation dates, vault assignments
The tool preserves everything by merging extra fields into the Notes column, extracting file attachments to a files/ folder, and separating items that need different handling (like credit cards) into their own files.
Before You Start
You’ll need:
- 1Password desktop app (Mac or Windows) — to export your vault
- Python 3.6+ — pre-installed on macOS
- The migration script — onepass_to_apple.py on GitHub (single file, zero dependencies)
- 5 minutes of your time
Is This Safe?
Yes. The script is:
- 100% offline — makes zero network calls. No APIs, no cloud services, no telemetry, no LLM calls. Your passwords never leave your machine.
- Zero dependencies — uses only Python’s built-in standard library (json, csv, zipfile, hashlib, argparse). Nothing to install via pip. No supply chain risk.
- Open source — the entire script is a single readable Python file. You can (and should) read it before running. There are no obfuscated sections, no binary blobs, no compiled modules.
- Secure delete built in — when you’re done importing, the tool can overwrite all output files with zeros and random data before deleting them.
Step 1: Export From 1Password
- Open the 1Password desktop app
- Go to File → Export (or right-click a vault → Export)
- Choose all vaults you want to migrate (or export one at a time — the script handles multiple vaults in a single .1pux file)
- Select format: 1PUX (this is 1Password’s full-fidelity format — not CSV, which loses data)
- Authenticate and save the file (e.g., export.1pux)
Important: The .1pux file contains ALL your passwords in plaintext. Treat it like your house keys. Don’t email it, don’t upload it anywhere, and delete it when you’re done.
Step 2: Download the Script
Grab the script from GitHub:
git clone https://github.com/jinuem/1password-to-apple-password.git
cd 1password-to-apple-password
Or just download onepass_to_apple.py directly — it’s a single file with no dependencies.
Want to verify it’s safe? Read it. It’s ~450 lines of straightforward Python. No network imports (requests, urllib, http, socket) — you can grep for them:
grep -n “import requests\|import urllib\|import http\|import socket\|\.connect\|\.send\|\.post\|\.get(” onepass_to_apple.py
That will return nothing. Zero network code.
Step 3: Preview With Dry Run (Recommended)
Before writing any password-containing files, run a dry run to see what you’re working with:
python3 onepass_to_apple.py export.1pux –dry-run
This will show you:
- How many items are in each vault
- How many are active vs. trashed/archived
- Category breakdown (logins, credit cards, licenses, etc.)
- Duplicate detection — items with the same URL + username across vaults
- Password health — empty, short, and reused passwords
- What will go into each output file
Only report.txt is written during dry run — no passwords touch your disk.
Sample output:
============================================================
1PASSWORD -> APPLE PASSWORDS CONVERSION REPORT
============================================================
VAULTS:
MyAccount / Personal: 312 items
MyAccount / Work: 145 items
STATE BREAKDOWN:
active: 502
trashed: 47
CATEGORY BREAKDOWN:
Login: 458
Credit Card: 10
Software License: 8
Secure Note: 15
Identity: 6
Membership: 5
DUPLICATES DETECTED: 3 group(s)
github.com / user@email.com (2 copies):
– GitHub [vault: Personal]
– GitHub Work [vault: Work]
PASSWORD HEALTH:
Empty passwords: 51
Short (< 8 char): 12
Reused passwords: 8 group(s)
Step 4: Run the Full Conversion
python3 onepass_to_apple.py export.1pux
This creates an export_output/ directory with everything you need:
export_output/
├── apple_passwords_import.csv ← THE FILE TO IMPORT
├── credit_cards.csv ← Handle manually (Apple Wallet)
├── software_licenses.csv ← Store elsewhere
├── extra_fields_reference.csv ← Backup of items before merge
├── extra_urls_only.csv ← Reference
├── otp_review.csv ← Reference
├── all_fields_flat.csv ← Full archive with every column
├── report.txt ← Summary report
├── raw_all_items.json ← Raw extracted data
├── active_items.json ← Filtered active items
└── files/ ← Attachments (license files, PDFs, documents)
What Happens to Your Data
| Your 1Password Data | Where It Goes |
|---|---|
| Title, URL, Username, Password | Direct columns in Apple import |
| TOTP / 2FA codes | OTPAuth column (Apple supports this natively) |
| Custom fields (recovery codes, PINs, security questions) | Merged into Notes column |
| Extra URLs | Merged into Notes column |
| Credit cards | Separate file — add to Apple Wallet manually |
| Software licenses | Separate file — save to a notes app |
| File attachments (licenses, PDFs) | Copied to files/ folder as-is |
| Trashed/archived items | Filtered out entirely |
The Notes merging looks like this in Apple Passwords:
Your original notes here
— 1Password Custom Fields —
Recovery Codes: abc-123-def-456
Security Question: Name of first pet
PIN: 1234
— Additional URLs —
https://example.com/login
https://example.com/account
Nothing is lost. Every piece of data from 1Password ends up somewhere accessible.
Step 5: Import Into Apple Passwords
macOS Sequoia (15.0+)
- Open the Passwords app
- Go to File → Import Passwords
- Select export_output/apple_passwords_import.csv
- Review the import summary and confirm
Older macOS (via Safari)
- Open Safari → Settings → Passwords
- Click the … menu → Import Passwords
- Select the CSV file
iOS / iPadOS
There’s no direct import on mobile. Import on your Mac — passwords sync automatically via iCloud Keychain.
Step 6: Handle Credit Cards, Licenses, and Attachments
Credit Cards
Apple Passwords doesn’t store credit cards — that’s Apple Wallet’s job.
Open credit_cards.csv and for each card: 1. Open Wallet on your iPhone 2. Tap + → Credit or Debit Card 3. Enter the details manually (or scan the physical card)
Software Licenses
Open software_licenses.csv and save the data wherever you keep reference info — Apple Notes, a spreadsheet, or a dedicated app like your preferred notes app.
File Attachments
1Password lets you attach files to items — license files, PDFs, documents, images. Apple Passwords doesn’t support attachments at all.
The script automatically extracts all attachments from the .1pux file and copies them to export_output/files/. These are preserved exactly as 1Password stored them. Move them somewhere safe (iCloud Drive, a secure folder, etc.) before you delete the output directory.
Step 7: Verify the Import
Before deleting anything, spot-check a few entries:
- Pick 5-10 important logins — check that the password, URL, and username are correct in Apple Passwords
- Check a TOTP item — verify the 2FA code generates correctly
- Check an item with custom fields — open it in Apple Passwords and verify the Notes contain your extra data
- Try logging into a site — use Apple Passwords autofill to confirm it works end-to-end
Step 8: Secure Cleanup
Once you’ve verified everything imported correctly:
# Securely delete all output files (3-pass overwrite)
python3 onepass_to_apple.py export.1pux –secure-delete
Type YES when prompted. This overwrites every file with zeros, then random data, then zeros again, before deleting.
Also delete: – The original export.1pux file – Any copies in your Downloads folder or Trash – Clear your terminal history if you typed any passwords: history -c
Note on SSDs: Secure file deletion isn’t 100% guaranteed on SSDs due to wear-leveling. For complete protection, make sure FileVault is enabled on your Mac (System Settings → Privacy & Security → FileVault). This encrypts your entire disk, so even undeleted remnants are unreadable without your login password.
Advanced Options
Migrate Specific Vaults Only
python3 onepass_to_apple.py export.1pux –interactive
You’ll be prompted to pick which vaults to include. Useful if you only want to migrate your Personal vault but not your Work vault.
Separate File Per Vault
python3 onepass_to_apple.py export.1pux –per-vault
Creates a per_vault/ subdirectory with one Apple-compatible CSV per vault:
per_vault/
├── apple_import_Personal.csv
├── apple_import_Work.csv
└── apple_import_Shared.csv
Custom Output Directory
python3 onepass_to_apple.py export.1pux -o ~/Desktop/migration
What About the Password Health Report?
The report.txt file includes a password health section that runs entirely offline. It’s worth reading before you finish your migration — this is a good time to clean up:
- Reused passwords — same password across multiple sites. Change these after migrating.
- Short passwords — under 8 characters. Upgrade them.
- Empty passwords — items with no password stored. Decide if you still need them.
- Duplicates — same site + username in multiple vaults. Remove the extras after importing.
Think of migration day as a good excuse to do a password audit.
FAQ
Q: Does this script send my passwords anywhere? No. Zero network calls. You can verify this yourself — the script uses no networking imports. Run it in airplane mode if you want to be extra cautious.
Q: What if I have thousands of items? The script handles any number of items. It’s been tested with 500+ items and processes them in seconds.
Q: Will my TOTP/2FA codes work in Apple Passwords? Yes. The script extracts TOTP URIs and places them in the OTPAuth column, which Apple Passwords natively supports. Your 2FA codes will generate in Apple Passwords just like they did in 1Password.
Q: What about 1Password attachments (files, images)? The .1pux format stores attachments in a files/ folder inside the zip. The script automatically extracts all attachments and copies them to export_output/files/. Apple Passwords doesn’t support file attachments, so you’ll need to store these files elsewhere (iCloud Drive, a secure folder, etc.).
Q: Can I go back to 1Password? Yes. Keep your export.1pux file until you’re confident the migration is complete. That file is a full backup of everything.
Q: Does this work on Windows/Linux? The script is pure Python and will run on any platform with Python 3.6+. The import step is macOS/iOS only (Apple Passwords), but you can run the conversion anywhere.
The Code is Open Source
The entire tool is a single Python file — no build step, no dependencies, no binary blobs. Read it, fork it, improve it.
GitHub: github.com/jinuem/1password-to-apple-password
If this helped you migrate, consider starring the repo so others can find it.
Migrating password managers shouldn’t mean losing data or trusting yet another cloud service with your credentials. This tool exists because I needed it myself — and because the secure way should also be the easy way.