1Password is a genuinely excellent password manager. This isn't one of those guides that pretends otherwise.
It is also $36 a year, or $60 a year for a family plan, or $96 for a teams plan — paid forever, in exchange for storing an encrypted copy of your vault on someone else's servers. For a lot of people, that trade is worth it. For a growing number of people, it isn't anymore. Either because the recurring cost has finally registered, or because the family wants something simpler than "everyone log in to the family plan with their own credentials," or because the realization landed that "encrypted on someone else's server" still means on someone else's server.
If that's you — if you've decided to move from 1Password to a vault that lives on your phone, costs $7.99 once, and never syncs to a cloud you don't control — this is the guide.
The whole switch takes about a minute once your CSV is in front of you.
What You'll Need
- A 1Password account you can still sign into through the desktop app.
- A Mac or PC. 1Password's mobile apps don't export to CSV — only the desktop apps and web clients do.
- SecureKeep installed on your phone. iOS or Android. The CSV import lives in
Settings → Tools → Import from CSV, or as the Import CSV button at the top of the credentials list.
That's the whole list. No bridge tool, no second account, no in-between stage.
Step 1 — Export Your 1Password Vault
1Password 8 (the current version) supports a CSV export of your Logins items. Here's the path:
- Open the 1Password 8 desktop app and unlock your vault.
- Click the vault you want to export from in the sidebar (most users have a "Personal" vault; if you have multiple, decide whether you want them merged or kept separate before you export).
- From the menu bar, choose File → Export → CSV (macOS) or Settings menu → Export → CSV (Windows).
- Re-enter your 1Password Account Password.
- Save the file. It downloads as something like
1Password Export.csv.
The file is plaintext and includes: title, url, username, password, notes, and an otpauth URI for any items where you stored a one-time-password seed in 1Password.
It is also entirely readable. We will deal with that in Step 4.
A note on what 1Password's CSV export includes: it covers Login items only. Documents, secure notes, identities, and software licenses are not part of the CSV export — they need to be exported separately, or stored in SecureKeep as secure notes or as document attachments. SecureKeep handles those data types; just not via the same CSV.
Step 2 — Open SecureKeep and Tap "Import from CSV"
On your phone:
- Open SecureKeep and unlock your vault. (If you don't have one yet, the first-run wizard walks you through creating one in about six minutes — finish that first, then come back here.)
- From the dashboard, tap Passwords, then tap the Import CSV button at the top of the list.
- The picker that opens is the standard iOS or Android files picker. Find the
1Password Export.csvyou saved in Step 1.
A small note on a deliberate v3.0.0 design choice: the document picker is exempted from SecureKeep's lock-on-background protection. We added that exemption specifically because file-picking moves your phone "to the background" from the OS's perspective, and we didn't want choosing your CSV to lock the vault and force you to start over. The exemption is narrow, scoped to known system pickers, and ends the moment the picker closes.
Step 3 — Review the Detected Format
SecureKeep auto-detects the format from the column headers. For 1Password, it looks for the columns archived, tags, and title. When all three are present, it sets the parser to 1Password.
You'll see a banner: "Detected format: 1Password" along with three numbers — total rows, skipped rows (empty entries, duplicates), and the final count ready to import.
Two things happen automatically here:
- Host-and-username deduplication. If you already have a credential for
gmail.comwith the same username, importing again won't create a duplicate. The importer matches by hostname plus username. Same hostname with a different username (your work and personal Gmail, for example) imports as a separate credential — exactly the behavior you want for family vaults. - TOTP secrets land in the right place. Any
otpauth://URI in the CSV becomes a structured TOTP secret on the imported credential, separate from the password and separate from any backup codes. v3.0.0's structured 2FA means your authenticator codes don't get jammed into the password field or the notes field — they have a real place to live.
Tap Import and confirm. The whole import is transactional and all-or-nothing: if any single row fails to encrypt and write to disk, the entire import is rolled back. You won't end up with "I think I imported 187 of 200 — which 13 failed?" There are no partial states.
Step 4 — Delete the CSV
This is the step most guides skip. Don't.
1Password Export.csv is a plaintext copy of every login you own. Sitting in your Downloads folder. Indexed by Spotlight. Possibly synced to iCloud Drive or Google Drive depending on your settings. Possibly backed up in Time Machine.
After the import succeeds:
- Delete the CSV from your Downloads folder.
- Empty Trash (macOS) or Recycle Bin (Windows). Files in the trash are still recoverable until you do.
- If you saved a copy anywhere else — a USB stick, a folder named
1password-temp, an email to yourself — delete those too. - If you use Time Machine and you're cautious, exclude the export folder before the next backup runs, or remove the CSV before backup time.
The most common mistake people make leaving 1Password is not the export or the import. It's leaving the CSV around afterward. SecureKeep can't reach into your computer to clean that up — only you can.
What Gets Imported, What Doesn't
| 1Password field | Imported into SecureKeep |
|---|---|
title |
Credential label |
url |
URL (normalized — http:// upgraded to https:// where applicable) |
username |
Username |
password |
Password |
notes |
Notes |
otpauth |
TOTP secret (structured 2FA) |
tags |
Not imported in v3.0.0 — folders and tags are flat in SecureKeep today |
archived |
Read for detection only |
What's not in the CSV at all:
- Documents (PDFs, identity scans). Export separately or upload directly to SecureKeep as encrypted documents — there's a built-in document section per vault.
- Secure notes (when stored as 1Password Note items, not as the
notesfield on a Login). Copy these manually into SecureKeep's secure notes section. - Identities and addresses. Manual copy.
- Software licenses, SSH keys, server credentials. Manual copy.
- Watchtower history. Not portable. SecureKeep's Password Health dashboard will run its own analysis on the imported data and flag reuse, weak passwords, and old credentials.
Why People Are Switching from 1Password (The Honest Version)
This guide doesn't need you to be unhappy with 1Password. But three reasons come up over and over in our inbox:
The recurring cost. $36/year for the Personal plan. $60/year for Families. After ten years that's $360 to $600 — for software whose core function is the same as it was a decade ago. SecureKeep is $7.99 once. The math isn't subtle. (We wrote a longer post on the no-subscription angle here.)
The architecture. 1Password is a beautifully designed app with a thoughtful security model — and it still keeps an encrypted copy of your vault on its servers. The encryption is real. The vault is also real, sitting on infrastructure you don't control, available to be subpoenaed, exfiltrated, or held to ransom. SecureKeep doesn't sync. Your vault lives on your phone, encrypted with a key derived from your master password, and never leaves the device unless you explicitly export a backup. There is no SecureKeep server holding a copy of your vault to be stolen, because there is no SecureKeep server.
The family model. 1Password Families is a multi-user product — each family member has their own account, vaults are shared between accounts, and recovery depends on a designated family organizer. SecureKeep models families differently: one device holds multiple vaults, one per trusted person. A spouse vault. A parent vault. A child vault. You unlock the device's vault with your master password and operate inside whichever person's vault you're prepping. Different model, different fit, depending on what your family actually needs. (Read more about the family vault model here.)
None of these are reasons to panic-leave a manager you're happy with. They are reasons to think about what you actually want from one.
After the Import — A Five-Minute Cleanup
- Open Password Health (Settings → Password Health) and look at the reuse + age summary. 1Password's Watchtower will not have flagged everything; SecureKeep will run its own analysis and give you the top three things to fix this week.
- Walk through any TOTP codes you imported. Open one, confirm the 6-digit code matches what your authenticator app shows. If it does, you can retire the authenticator app for that site (or keep both — your call).
- Set up your Emergency Card and your trusted person. The whole point of having credentials in one place is so the people who depend on you can reach them when they need to.
- Decide whether to keep paying 1Password. If the answer is no, remove your payment method, archive your account, or delete it outright. If the answer is yes (some people run both for a while during transition), set yourself a calendar reminder to revisit in 90 days.
Frequently Asked Questions
Is the CSV import secure? The CSV is read on your device, parsed in memory, and each credential is encrypted with your vault's per-vault data encryption key (AES-256-GCM) before being written to disk. The plaintext CSV exists only in memory during the import and is discarded as soon as the transaction completes.
Can I import to a specific vault if I have multiple? Yes. The import lands in whichever vault is currently open. Switch vaults from the picker before tapping Import CSV.
What happens to my 1Password tags and folder structure? Tags and folders aren't imported in v3.0.0. SecureKeep is currently flat with category-based filtering. Tagging is on the roadmap; if it lands, we'll backfill.
Will the import overwrite my existing credentials? No. Host-and-username dedupe means existing credentials are preserved. Only new ones are added. To replace an existing entry, edit it manually after the import.
What about my 1Password secure notes? Note items in 1Password aren't part of the CSV export. Copy them manually into SecureKeep's secure notes — there's a dedicated section per vault.
Does the import work on iPad? Yes. Same Files-based picker. Same flow.
Can I run 1Password and SecureKeep in parallel for a while? Of course. Some people do this for 30–90 days while they get comfortable. Just remember the CSV becomes stale the moment you change a password in either app — re-export and re-import (or update manually) when that happens.
Related reading:
- How to Import Passwords from LastPass to SecureKeep
- 1Password vs SecureKeep: Subscription vs One-Time Pricing
- Password Managers Without a Subscription: 2026 Buyer's Guide
- The 6-Minute Family Password Vault Setup
SecureKeep is a $7.99 one-time-purchase encrypted vault for iOS and Android. Multi-vault, emergency cards, voice messages, password health, CSV import from seven password managers — all encrypted locally, no cloud account required. See all features →