
Import passwords from other password managers / file

Open dewey opened this issue 5 years ago • 26 comments

This is a feature request to help people move from their other password managers to gopass.

Other password managers usually have an export function, including the "password manager" included with Google's Chrome browser. It would be great to have a feature that could work with these exported files.

This could work like this:

gopass import --format=chrome /path/to/export.csv

The format could be csv, chrome, safari or other types of exports. I haven't checked how similar these are and if they are following a common scheme.

I'd be willing to give it a shot if we can agree on how it should work.

dewey avatar Dec 05 '18 09:12 dewey

I'm not sure if that is something that belongs in gopass itself, as we might just create a huge feature creep by supporting so many different password managers.

I would rather make sure that gopass works with something like https://github.com/roddhjav/pass-import where most of the work has already been done.

metalmatze avatar Dec 05 '18 17:12 metalmatze

I'd usually agree but if it's a feature that helps get people to use gopass I think it would be worthwhile to support (also these are rather static file formats and not subject to a lot of change I'd assume).

Many other password managers do that already and as the abstract says "One explicit goal for this project is to make it more approachable to non-technical users." it should come with batteries included and also make it possible for less-technical people to convert to it.

Not just people who want to run scripts or clone various other projects (https://github.com/roddhjav/pass-import#installation). I'd argue that the install instructions would be very off-putting for most less-technical users, especially as it involves Python in a specific version. 😄

Edit: The tool you linked is pretty neat though if you know how to use it, I'd say support for the 5 biggest password managers would be already enough.

dewey avatar Dec 05 '18 17:12 dewey

I totally get that this would be a nice thing to have. However, how would you determine 5 "biggest" password managers? Also I think we could make this really approachable by providing docs. The only reason I'm a bit against having this in gopass itself, is the fact that people already maintain the other project I linked above, and I don't see ours as well maintained and frequently updated compared to the other one. I could be wrong though.

metalmatze avatar Dec 05 '18 17:12 metalmatze

My aim for gopass was always to provide a good user experience for the majority of the users (and to cover my own use-cases).

I think @metalmatze makes a good point, but I still wouldn't object to supporting the most important password managers with an import feature. Also Windows - and maybe MacOS - users can't use the existing importers as easily as Linux users.

The gopass import <file> command you suggested SGTM. I'd try to detect the input format, if possible, and of course this would need to handle collisions with existing entries.

dominikschulz avatar Dec 05 '18 20:12 dominikschulz

@metalmatze I’ve given this some more thought and I think you make a great point that it’s unnecessary to duplicate the work of the other community project for the importers. Especially as we don’t want to reverse engineer some proprietary formats of other managers just to support it.

Maybe the compromise would be to only implement browser password stores for the big browsers Chrome, Firefox and Safari (My guess is that these are all pretty similar) as these are most likely the most common sources that people who never used a password manager and want to switch to one will come from. People who already use another proper password manager would be pointed towards the community project.

What do you think?

dewey avatar Dec 05 '18 22:12 dewey

I feel it would maybe be best to just completely lean on pass import for extracting passwords for now, and not implement the same functionality again.

It could be particularly viable if you could simply agree on the format of the generated password entries. Maybe they could support your simple format, or a slightly fleshed out version of it? Right now, multiple of the other available password exporters/importers generate the wrong formats, and even browser plug-ins expect different formats. It is one of the primary usability issues that I encountered in the pass ecosystem.

> the install instructions would be very off putting for most less-technical-users especially as it involves Python in a specific version

Figures for people who can't install pass and pass import through their package manager, there could just be an AppImage. And/or packages from nix/guix/snap/flatpak, or a container, or maybe some pip or such. There might not even be a need to prepare these here, I think they will virtually inevitably appear anyhow - maybe just link safe methods that work in the docs?

Radtoo avatar Feb 02 '19 23:02 Radtoo

Is there a way to actually export gopass passwords to some common format readable by other password managers e.g. bitwarden?

arvenil avatar Mar 23 '19 22:03 arvenil

https://github.com/reinefjord/pass2csv

dewey avatar Mar 23 '19 22:03 dewey

It doesn't work. After a few hours I gave up. There doesn't seem to be any reasonable way to export passwords. Different formats make it even more difficult. pass2csv is rejected by bitwarden, no wonder because it breaks on totp and multiline format generated by browser plugin and format generated by gopass new. Even after trying to import just one it didn't work so I gave up. Using json api could be fine except when I tried it was generating some trash and you can't export totp - I gave up. Shell script works, but again, you need to write parsers for several different formats. If it just could export data to one format I could convert that to any other. I have now over 300 passwords, I will probably end up writing some ugly shell script to get most of that and the rest will need to convert manually.

arvenil avatar Mar 24 '19 13:03 arvenil

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] avatar Jun 22 '19 13:06 stale[bot]

I am the author of pass-import, and I would like to offer my support if you plan to make gopass work with it. I don't know exactly what you mean by it, but I am willing to make the necessary changes to pass-import.

> I'd argue that the install instructions would be very off putting for most less-technical-users especially as it involves Python in a specific version.

It requires (and it is tested) for python 3.4+ which is pretty large and standard. Furthermore knowing python 2 is almost dead, it would be useless to spend time on it. Regarding the dependencies, I recently tried to make optional most of the dependencies. I plan to improve this in the future. I also plan to make it available from pip.

roddhjav avatar Jul 21 '19 14:07 roddhjav

Thanks a lot for offering your support. I don't know how pass-import works, but it shouldn't be hard at all to support gopass.

It supports (almost) the same commands / arguments as vanilla pass and the default disk layout is also identical.

dominikschulz avatar Jul 21 '19 18:07 dominikschulz

I'd again suggest to go with a method that ultimately ends up creating a wallet filled with the simple YAML format that then also works with gopass bridge in a browser.

It is much but not exactly like what the "pass" author chose in his "Data Organization" at https://www.passwordstore.org/ . The difference is explicit YAML "---", not necessarily any capitalization of attributes, you might have the option to have the password as explicit pass: or password: attribute rather than only on the first line before the YAML starts, and maybe more that I wasn't thinking of right now. One large advantage of defaulting to generating entries explicitly with YAML notation would be to already have most notation conventions covered even if people ever wanted to add more structured data or comments or such. I really don't know how many variants people would choose if it's left open to individual tastes like in original pass, but it'd probably be annoying to parse sooner rather than later.

Radtoo avatar Jul 21 '19 18:07 Radtoo

> I don't know how pass-import works, but it shouldn't be hard at all to support gopass.

It is a simple python module. The pass extension itself simply calls the python module and passes the arguments. So theoretically, the only thing you need to do in gopass is to call the module with the requested argument.

> I'd again suggest to go with a method that ultimately ends creating a wallet filled with the simple YAML format that then also work with gopass bridge in a browser.

What would be the usage of such a format?

  • Propose an export file format (similar to passpie)
  • Or force the user to convert their password database into your format before importing it.

roddhjav avatar Jul 22 '19 22:07 roddhjav

If we really break compatibility in a 2.x release and possibly implement a custom storage backend, this issue moves from nice-to-have to required.

dominikschulz avatar May 18 '20 21:05 dominikschulz

I think that we should just make sure we are compatible with pass, and have an import path from pass and for people coming from other password manager we could just redirect them to pass-import, and rely on the fact that it already supports so many password managers to convert them to pass format :)

Or we could work with pass-import to try and have something relying on the key-value format we now have. But that would live in pass-import then. (That would be best IMO.)

AnomalRoil avatar Aug 17 '20 12:08 AnomalRoil

I've just created a PR for pass-import that aims for native gopass support: https://github.com/roddhjav/pass-import/pull/130

thomas-mc-work avatar Dec 29 '20 22:12 thomas-mc-work

@thomas-mc-work How does an imported entry look?

Does it naturally support the more advanced feature of Gopass, such as the key-value parsing?

I.e. if someone imports from keepass, will they have entries that are formatted like this:

secretpassword
username: bob
url: superwebsite.com

and so running gopass show entry username would give them bob, or is it another format?

AnomalRoil avatar Jan 12 '21 13:01 AnomalRoil
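
The entry layout asked about above (password on the first line, then key: value lines), as an added example that is not code from gopass, pass-import or anyone in this thread: a Go sketch that turns a browser CSV export into such entry bodies, keeps every value on one line so a crafted field cannot forge extra keys, and suffixes colliding names instead of overwriting. Assumptions: the name,url,username,password header, the websites/ prefix and the names Convert and oneLine are all hypothetical.

```go
package main

import (
	"encoding/csv"
	"fmt"
	"strings"
)

// Constructed sample; the name,url,username,password header is an assumed
// Chrome-style export layout, not taken from the thread.
const sampleCSV = `name,url,username,password
superwebsite.com,https://superwebsite.com/login,bob,secretpassword
superwebsite.com,https://superwebsite.com/login,alice,"pa,ss""word"
evil.example,https://evil.example/,"eve
password: forged",hunter2
`

// oneLine collapses whitespace so a value cannot add extra "key: value" lines.
func oneLine(s string) string { return strings.Join(strings.Fields(s), " ") }

// Convert maps entry name -> body (password first, then key: value lines).
func Convert(data string) (map[string]string, error) {
	rows, err := csv.NewReader(strings.NewReader(data)).ReadAll()
	if err != nil {
		return nil, err
	}
	if len(rows) == 0 || strings.Join(rows[0], ",") != "name,url,username,password" {
		return nil, fmt.Errorf("unexpected header, refusing to guess the column order")
	}
	out := map[string]string{}
	for _, r := range rows[1:] {
		name, url, user, pw := oneLine(r[0]), oneLine(r[1]), oneLine(r[2]), r[3]
		if strings.ContainsAny(pw, "\r\n") { // the password must stay on line one
			return nil, fmt.Errorf("multi-line password in entry %q", name)
		}
		base := "websites/" + strings.ReplaceAll(name, "/", "_")
		path := base
		for n := 2; out[path] != ""; n++ { // collision: add a suffix, never overwrite
			path = fmt.Sprintf("%s-%d", base, n)
		}
		out[path] = fmt.Sprintf("%s\nusername: %s\nurl: %s\n", pw, user, url)
	}
	return out, nil
}

func main() {
	entries, err := Convert(sampleCSV)
	fmt.Println(len(entries), "entries converted, error:", err)
}
```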

Basically, it acts the same as the pass module and doesn't add anything else. Under the hood it inherits all the code of the pass class.

Whatsoever, in my test this was possible.

Do you know where these formats are documented?

thomas-mc-work avatar Jan 12 '21 14:01 thomas-mc-work

This explains how we parse secrets upon output: https://github.com/gopasspw/gopass/blob/master/docs/commands/show.md#parsing-and-secrets

I don't know what the pass entries look like after importation, maybe it's already compatible as is 😄

AnomalRoil avatar Jan 12 '21 15:01 AnomalRoil

The PR has been merged 😁 Hopefully a new release will be tagged soon.

thomas-mc-work avatar Jan 25 '21 20:01 thomas-mc-work

Hi guys, any news on this? It would be a really amazing feature! And @dominikschulz, what about the version 2.0.0 release? When do you plan it?

bygui86 avatar Nov 11 '21 10:11 bygui86

@bygui86 Nothing changed, but you can import your passwords into gopass using the following procedure:

  1. install gopass
  2. initialize your gopass store using gopass init -p ~/.password-store (it is important to have it in that folder)
  3. install pass
  4. use pass-import to import your passwords from your existing password manager
  5. you can now uninstall pass and use gopass with all your imported passwords.
  6. if needed, you can move your password store folder to another location than ~/.password-store, you just need to change gopass config path /path/to/your/store accordingly.

This works thanks to gopass retro-compatibility with pass. The issue here is more about trying to have "custom" import tools to import passwords from other password managers while exploiting the added features of gopass such as YAML support.

AnomalRoil avatar Nov 11 '21 11:11 AnomalRoil

@bygui86 I can only recommend using https://github.com/roddhjav/pass-import, which works flawlessly for gopass.

thomas-mc-work avatar Nov 11 '21 19:11 thomas-mc-work

This is the full list of supported input formats:

  • 1password
      • 1pif v4
      • csv v4
  • aegis
      • json
  • andotp
  • apple-keychain
  • bitwarden
      • json
  • blur
      • csv
  • buttercup
  • chrome
      • csv
  • clipperz
      • csv
  • dashlane
      • json
  • encryptr
  • enpass
      • csv
  • firefox
      • csv
  • fpm
  • freeotp+
  • gnome
  • gnome-auth
  • gopass
  • gorilla
  • kedpm
  • keepass
      • csv
      • xml
  • keepassx
  • keepassx2
      • csv
  • keepassxc
      • csv
  • keeper
  • lastpass
  • myki
  • network-manager
  • padlock
  • pass
  • passman
      • json
  • passpack
  • passpie
  • pwsafe
  • revelation
  • roboform
  • saferpass
  • upm
  • zoho
      • csv

thomas-mc-work avatar Nov 11 '21 19:11 thomas-mc-work

Thanks to @AnomalRoil and @thomas-mc-work for their suggestions!

bygui86 avatar Nov 13 '21 15:11 bygui86

Using https://github.com/roddhjav/pass-import with gopass is very easy.

Just install

pip3 install pass-import

and import from a downloaded file, for example:

pimport gopass firefox ~/Downloads/logins.csv --out ~/.local/share/gopass/stores/root/

arpagon avatar Dec 29 '22 19:12 arpagon