Import from Bitwarden

Passwork 7 supports migration from Bitwarden using a Python script built on top of the official Python connector. The process is API-based and helps preserve your data structure while moving to an on-premise Passwork instance.

gefahr

Before running the import, create a Passwork database backup and test the process in a staging environment.

What is imported and what is not

Imported

• Bitwarden items of type login and secure note;
• Bitwarden collections;
• folders from a Bitwarden personal vault export;
• item name, notes (description), login, password;
• URLs from login.uris (as URL list);
• TOTP (as a custom field with totp type);
• custom fields:
  • type 0 and type 2 -> text;
  • type 1 -> password.

Not imported

• Bitwarden attachments;
• item types other than login and secure note (they are skipped);
• unsupported custom field types (warning is written to log).

Files

Download import.py

Download requirements.txt

Step 1. Export data from Bitwarden

This guide uses Bitwarden Web Vault as an example because organization export is available in the web interface.

info

If you need to export an individual (personal) vault from browser extension, desktop, or mobile app, use the relevant section of the Bitwarden documentation.

1. Open Bitwarden and go to Tools → Export.

2. Choose organization export or specific vault export, select JSON → Export.

3. Confirm export by entering your Bitwarden master password.

4. Make sure the .json file was downloaded successfully. This file will be used as input for import.py.

Step 2. Prepare environment and run script

Linux / macOS

python3 -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
python3 import.py ./bitwarden_export.json --host "https://passwork.example.com" --token "YOUR_ACCESS_TOKEN"

PowerShell

python -m venv .venv
.venv\Scripts\Activate.ps1
pip install -r requirements.txt
python import.py .\bitwarden_export.json --host "https://passwork.example.com" --token "YOUR_ACCESS_TOKEN"

Script parameters

Required

• file — path to Bitwarden JSON export file;
• --host — Passwork host URL;
• --token — access token (accessToken).

Optional

• --master-key — master key (when client-side encryption is enabled);
• --refresh-token — refresh token (refreshToken);
• --vault-id — existing vault ID for import target;
• --collections — comma-separated list of collection names or IDs.

Run examples

Import into separate vaults (by collections)

shell

python3 import.py ./bitwarden_export_org.json \
  --host "https://passwork.example.com" \
  --token "YOUR_ACCESS_TOKEN"

Import selected collections only

shell

python3 import.py ./bitwarden_export_org.json \
  --host "https://passwork.example.com" \
  --token "YOUR_ACCESS_TOKEN" \
  --collections "Collection 1,Collection 2"

Import into an existing vault

shell

python3 import.py ./bitwarden_export_org.json \
  --host "https://passwork.example.com" \
  --token "YOUR_ACCESS_TOKEN" \
  --vault-id "VAULT_ID"

Step 3. Interactive prompts

If optional arguments are not provided in CLI, the script may ask for them interactively:

Input comma-separated list of collection IDs or names to export (optional):
Input Passwork vault ID to import data to (optional):

Press Enter to skip a prompt.

Step 4. Confirmation and logging

Before import starts, the script prints a summary and asks for confirmation:

The following collections will be exported: Private vault
Continue operation? (Y/N):

During execution, the script creates a log file in the current directory:

import-YYYY-MM-DD_HH-MM-SS.log

The log includes created vaults/folders, item import steps, and skipped data warnings.

Arguments

To print all available arguments:

shell

python3 import.py --help