To migrate Chrome passwords to a dedicated manager like Bitwarden or 1Password, export your Chrome passwords from chrome://settings/passwords, then import the CSV file into your new manager. This process protects your credentials from Google’s access and enables advanced features like vault sharing, CLI automation, and self-hosting that Chrome’s basic manager cannot provide. This guide provides step-by-step instructions for a complete, secure migration.

Why Migrate to a Dedicated Password Manager

Chrome stores passwords with your Google account encryption, but the management interface remains limited. Dedicated managers like Bitwarden, 1Password, or Vaultwarden offer end-to-end encryption where only you hold the decryption key. These tools provide vault sharing, emergency access, CLI automation, and integration with password getters and secret injection systems.

The fundamental difference lies in who controls your keys. Chrome’s “smart lock” feature syncs passwords to Google’s servers, meaning Google can access your encrypted data. Self-hosted options like Bitwarden or Vaultwarden give you complete ownership.

Step 1 - Export Chrome Passwords

Before importing elsewhere, you need to extract your passwords from Chrome. Several methods exist, ranging from built-in exports to direct database access.

Using Chrome’s Built-in Export

Navigate to chrome://settings/passwords in your browser. Click the three-dot menu next to “Saved Passwords” and select “Export passwords.” Chrome will prompt for your computer password and download a CSV file.

Direct Database Extraction (More Complete)

Chrome stores passwords in a SQLite database. On macOS, access it directly for a more complete export:

Find Chrome's Login Data file
find ~/Library/Application\ Support/Google/Chrome -name "Login Data" -type f

Copy to temp location (Chrome locks the original)
cp ~/Library/Application\ Support/Google/Chrome/Default/Login\ Data /tmp/chrome_logins

Query the database with sqlite3
sqlite3 /tmp/chrome_logins "SELECT origin_url, username_value, password_value FROM logins"

The password values are encrypted with DPAPI on macOS/Windows. For plaintext extraction, use a tool like chrome-decrypt or the hashcat approach if you need to crack your own exported data.

Recommended - Use a Python Script for Clean Export

The chrome-export tool provides cleaner CSV output:

Install chrome-export
pip install chrome-export

Export to CSV
chrome-export --csv /tmp/chrome_passwords.csv

This script handles the decryption automatically using your local Chrome keychain.

Step 2 - Choose Your Destination Manager

Select a password manager that fits your threat model and technical requirements:

• Bitwarden: Open-source, cloud-hosted or self-hosted, excellent CLI
• 1Password: Closed-source, leading UX, CLI
• Vaultwarden: Self-hosted Bitwarden alternative, lightweight
• KeepassXC: Local-only, completely offline, excellent for air-gapped systems

For developers, Bitwarden’s CLI (bw) offers excellent scripting capabilities. Install it:

macOS
brew install bitwarden-cli

Linux (Debian/Ubuntu)
sudo dpkg -i bitwarden-cli_*.deb

Verify installation
bw --version

Step 3 - Import to Your Dedicated Manager

Bitwarden Import Process

First, authenticate with Bitwarden:

bw login your@email.com
Enter master password when prompted

Unlock your vault
bw unlock
Copy the session key shown

Set session for subsequent commands
export BW_SESSION="your_session_key_here"

Bitwarden accepts CSV imports with specific formatting. Your Chrome export may need reformatting:

Reformat CSV for Bitwarden import
Required columns - folder,type,login_uri,login_username,login_password,login_note

Import the formatted CSV
bw import bitwardencsv /path/to/your/formatted_passwords.csv

1Password Import Process

1Password requires CSV transformation using their template:

Download 1Password CLI
brew install --cask 1password-cli

Sign in
op signin

Create items from CSV (requires specific format)
1Password provides import templates on their website

Manual Import with CLI (Most Control)

For full control, create entries programmatically:

Bitwarden - Create individual items
bw get item "New Item" 2>/dev/null || \
bw create item "{
  \"name\": \"Example Site\",
  \"login\": {
    \"username\": \"user@example.com\",
    \"password\": \"your_password_here\",
    \"uri\": \"https://example.com\"
  }
}"

Step 4 - Verify and Clean Up

After import, verify your data transferred correctly:

Bitwarden - List all items
bw list items | jq '.[] | .name'

Check item count matches expectations
bw list items | jq 'length'

Review entries for duplicates or errors. Chrome often creates duplicate entries for the same site with slight URL variations.

Step 5 - Disable Chrome Password Saving

Prevent future passwords from accumulating in Chrome:

1. Open Chrome settings
2. Navigate to “Passwords”
3. Toggle off “Offer to save passwords”
4. Toggle off “Auto Sign-in”

For enterprise environments, Chrome policies can enforce these settings:

// chrome_policy.json
{
  "PasswordManagerEnabled": false,
  "AutoSignInEnabled": false
}

Deploy via MDM or group policy.

Step 6 - Set Up CLI Automation (Recommended)

Now that you’ve migrated, use CLI access for development workflows:

Bitwarden - Get password programmatically
bw get password "github.com" --raw

Bitwarden - Get username
bw get username "github.com" --raw

Bitwarden - Generate TOTP code
bw get totp "github.com" --raw

Integrate into your shell profile:

Add to ~/.zshrc or ~/.bashrc
export BW_SESSION="$(bw unlock --raw)"

Function to get secrets easily
get_secret() {
  bw get "$1" "$2" --"$3"
}

Use these for environment variable injection in deployment scripts:

Inject into environment
export GITHUB_TOKEN="$(bw get password "github.com" --field password)"
export DB_PASSWORD="$(bw get password "production-db" --field password)"

Troubleshooting Common Issues

CSV Formatting Errors

Import failures often stem from encoding or format issues:

Convert to UTF-8
iconv -f ISO-8859-1 -t UTF-8 input.csv > output.csv

Remove BOM if present
sed -i '' '1s/^\xEF\xBB\xBF//' output.csv

Master Password Complexity

Dedicated managers enforce stronger password policies. Ensure your master password meets requirements and consider using a passphrase:

Generate a secure master password
openssl rand -base64 24

Session Timeout

CLI sessions expire for security. Automate re-authentication:

Refresh session automatically
export BW_SESSION="$(bw unlock --raw 2>/dev/null)"

Security Considerations

After migration, enhance your security posture:

1. Enable two-factor authentication on your password manager account
2. Set up emergency access for trusted contacts
3. Use unique, generated passwords for each site (your manager handles remembering them)
4. Enable vault timeout (auto-lock after inactivity)

Frequently Asked Questions

Who is this article written for?

This article is written for developers, technical professionals, and power users who want practical guidance. Whether you are evaluating options or implementing a solution, the information here focuses on real-world applicability rather than theoretical overviews.

How current is the information in this article?

We update articles regularly to reflect the latest changes. However, tools and platforms evolve quickly. Always verify specific feature availability and pricing directly on the official website before making purchasing decisions.

Are there free alternatives available?

Free alternatives exist for most tool categories, though they typically come with limitations on features, usage volume, or support. Open-source options can fill some gaps if you are willing to handle setup and maintenance yourself. Evaluate whether the time savings from a paid tool justify the cost for your situation.

Can I trust these tools with sensitive data?

Review each tool’s privacy policy, data handling practices, and security certifications before using it with sensitive data. Look for SOC 2 compliance, encryption in transit and at rest, and clear data retention policies. Enterprise tiers often include stronger privacy guarantees.

What is the learning curve like?

Most tools discussed here can be used productively within a few hours. Mastering advanced features takes 1-2 weeks of regular use. Focus on the 20% of features that cover 80% of your needs first, then explore advanced capabilities as specific needs arise.

Related Articles

• How to Export Passwords from Any Manager
• Browser Password Manager Vs Dedicated
• What Happens If Password Manager Company
• What to Do If Your Password Manager Vault Was Compromised
• Password Manager Breach Notification Features
• AI Coding Assistant Session Data Lifecycle Built by theluckystrike. More at zovo.one