credential-vault
Importing secrets
Bring secrets in from 1Password, Bitwarden, LastPass, CSV and SSH client configs, so adopting VaultTerm is not a from-scratch rewrite.
Updated Jun 23, 2026
Adopting VaultTerm should not mean re-entering every secret by hand. The vault imports from the common password managers and from your existing SSH setup, so you can move what you already have and start from there.
Supported import sources
VaultTerm can import from:
- 1Password
- Bitwarden
- LastPass
- CSV — a generic spreadsheet export
- SSH client configs — your existing SSH client configuration, so known hosts and key references come across rather than being recreated
Imported records land as the appropriate secret type, so a password comes in as a
PASSWORD, an SSH key as an SSH_KEY, and so on.
How an import works
- Export your data from the source tool in its supported format (for example a 1Password, Bitwarden or LastPass export, or a CSV).
- In VaultTerm, choose the vault the records should land in.
- Start an import and select the matching source.
- Upload the export file (or point the importer at your SSH client config).
- Review the parsed records and confirm.
- The records are stored under envelope encryption as their detected secret types.
After import, run a credential health scan so anything weak, old or reused that came across is flagged for rotation.
Exporting
Export is supported in JSON and CSV. Because an export produces a portable copy of secret material,
it is restricted to org admins — a VIEWER or EDITOR cannot export the vault. As with everything
else, exports are subject to the audit trail. Treat any exported file as sensitive plaintext and handle
it accordingly.
Where to go next
- See how imported records are typed in Secret types.
- Clean up anything weak that came across in Credential health.
- Set up who can share what in Sharing and rotation.