Skip to main content

Importing Secrets

CloudKeep makes it easy to bring your existing secrets along. Import from common file formats or migrate directly from popular password managers with our guided import wizard.

Supported File Formats

.env files

The most common format for developer secrets. CloudKeep parses standard .env syntax including quoted values, inline comments, and multiline strings.

# .env example
DATABASE_URL="postgres://user:pass@host:5432/mydb"
REDIS_URL=redis://localhost:6379
STRIPE_SECRET_KEY=sk_live_...
# Comments and blank lines are ignored

To import, navigate to a vault, click Import, select .env as the format, and upload your file. Each line becomes a separate secret with the key and value preserved.

JSON

Import a flat JSON object where each key is the secret name and each value is the secret value:

{
  "DATABASE_URL": "postgres://user:pass@host:5432/mydb",
  "API_KEY": "sk_live_abc123",
  "SMTP_PASSWORD": "hunter2"
}

Nested JSON objects are not supported. Flatten nested structures before importing, or use the .env format instead.

CSV

Import from a CSV file with key and value columns. An optional type column lets you categorise secrets during import:

key,value,type
DATABASE_URL,postgres://user:pass@host:5432/mydb,credential
API_KEY,sk_live_abc123,api_key
SMTP_PASSWORD,hunter2,credential

Importing from 1Password

  1. 1

    Select vault

    Open 1Password and select the vault you want to export.
  2. 2

    Export CSV

    Go to File → Export → CSV. Choose “All Items” or a specific category.
  3. 3

    Save file

    Save the exported CSV file to a secure location on your computer.
  4. 4

    Open CloudKeep

    In CloudKeep, open the destination vault and click Import.
  5. 5

    Select source

    Select 1Password as the source. Upload the CSV file.
  6. 6

    Review mapping

    CloudKeep maps 1Password fields (username, password, website, notes) to CloudKeep secret fields automatically. Review the mapping and adjust if needed.
  7. 7

    Complete import

    Click Import to complete the migration. Delete the exported CSV afterwards.

Importing from LastPass

  1. 1

    Export from LastPass

    Log in to LastPass in your browser and go to Advanced Options → Export.
  2. 2

    Save file

    LastPass exports a CSV file. Save it to a secure location.
  3. 3

    Open CloudKeep

    In CloudKeep, open the destination vault and click Import.
  4. 4

    Select source

    Select LastPass as the source and upload the CSV.
  5. 5

    Review mapping

    Review the field mapping — LastPass fields (url, username, password, extra, name, grouping) are mapped to CloudKeep fields automatically.
  6. 6

    Complete import

    Click Import and securely delete the CSV file when done.

Importing from Bitwarden

  1. 1

    Open export

    Log in to the Bitwarden Web Vault and go to Tools → Export Vault.
  2. 2

    Choose format

    Choose JSON as the export format (recommended for the most complete data). Enter your master password to confirm.
  3. 3

    Save file

    Save the exported file to a secure location.
  4. 4

    Open CloudKeep

    In CloudKeep, open the destination vault and click Import.
  5. 5

    Select source

    Select Bitwarden as the source and upload the JSON file.
  6. 6

    Review and import

    CloudKeep parses the Bitwarden export format and maps login credentials, secure notes, and custom fields. Review the preview and click Import.

Import Wizard

The import wizard guides you through three steps:

  1. 1

    Choose Source

    Select the file format or password manager you are importing from.
  2. 2

    Upload & Map

    Upload your file and review how fields will be mapped to CloudKeep secrets. Adjust mappings, rename keys, or skip individual items.
  3. 3

    Review & Confirm

    See a summary of what will be imported, including duplicate detection. Duplicates are flagged and you can choose to skip, overwrite, or rename them.

Handling Import Errors

If errors occur during import, CloudKeep provides a detailed error report:

  • Duplicate keysa secret with the same key already exists in the vault. Choose to skip, overwrite, or import with a renamed key.
  • Invalid formatthe file does not match the expected structure. Verify you selected the correct source format.
  • Empty valueskeys with blank values are flagged. You can choose to import them as empty secrets or skip them.
  • Encoding issuesensure your file is saved as UTF-8. Non-UTF-8 characters may cause parsing failures.

Imports are atomic: if a critical error occurs, no secrets are created and you can retry after fixing the issue.

Next Steps

  • Export — learn how to export your secrets for backup or migration.
  • CLI Tool — use cloudkeep set --from-file to import individual secrets from files.