hoakley Macs, Technology

How to export passwords and other secrets

Whether or not you use a third-party password manager, one important question to ask is how can you keep an independent record of all those website passwords and related secrets, outside of your browser and password manager? If you aren’t yet using an app like 1Password to manage those passwords, how could you migrate to using one, or are your current passwords trapped in Safari’s clutches? Surprisingly, when I went to look for answers to these questions, I was confronted with all sorts of scripts to copy password details out one by one, but no one seemed to have spotted the simple answer: export them to a CSV file.

In Safari 15, this is really simple. Open Safari’s Preferences, select the Passwords tool, and authenticate to gain access to your list of passwords. At the foot of that list you’ll see three tools: +, –, and a drop-down menu from an ellipsis …. Click on the latter and select the Export Passwords… command, and follow the prompts to create a CSV file containing all those passwords.

passwordexport1

If you’re using Monterey, you can also do this in the new Passwords pane, which essentially duplicates the interface still present in Safari.

passwordexport2

The resulting CSV file contains, in order, the following fields:

  • Title – the name of the service,
  • Url – the URL used to connect to it,
  • Username – the username or email address,
  • Password – the password,
  • OTPAuth – almost invariably empty.

Several third-party password managers will import those without any further manipulation. Secrets and Keeper are particularly flexible here, as they let you specify how to convert each field for the import process. Don’t waste time with the Keeper Import app, though, which iterates painfully through copying each password from Safari’s Preferences, one at a time: simply export to CSV and import the whole lot at once.

One or two of these apps may not like the order of fields in the file as exported from Safari. For those you can open the CSV in Numbers and rearrange the order of columns, then export it as a new CSV file from there.

Whatever you do, don’t try using Keychain Access to export passwords, as it doesn’t. It’s excellent for exporting security certificates and keys, and supports several standard file types to make it easy to copy your developer signing certificates from one Mac to another, for example. But when it comes to passwords, it’s just the wrong tool.

My apologies to those who’ve laboured long and hard developing ingenious scripts to perform this task, but it’s so much simpler to export as CSV.

Finally, don’t forget to store your exported CSV file somewhere secure, preferably in an encrypted disk image, or similar.