- Python
- 1Password CLI
- Ensure you have added your 1Password account to the 1Password CLI and have signed in using
op signinoreval $(op signin)prior to executing the script.
- Ensure you have added your 1Password account to the 1Password CLI and have signed in using
- Optionally the LastPass CLI
If you don't want to clone this repo, download the bundle of scripts here:
Download
This script is best run by a LastPass administrator or Superadmin, or anyone else responsible for migrating a large number of LastPass folders to 1Password.
To avoid duplicating labour, creating duplicate items, or duplicate vaults, you may delegate the migration of specific shared folders to certain people, or all shared folders to a single administrator. You may want to revoke other people's access to shared folders during the migration to avoid them showing up in multiple people's exports and ensure that each shared folder and it's items are migrated exactly one time.
You can use this script to migrate both your LastPass Sites and Folders to 1Password. LastPass Site items will be converted to 1Password Login items. LastPass Folders will be converted into 1Password Vaults. Nested folders in LastPass will result in separate, non-nested vaults created as siblings to their parent. Items not belonging to any shared folder will be created in the user's Private vault.
This script uses the 1Password CLI tool to import items from either
- a .csv file on your local machine exported from LastPass's web export or
- directly from the LastPass CLI tool.
(this script has not been tested on exports from the LastPass browser extension or other methods).
# Executes the script (vault_item_import.py) and ingests data directly from LastPass CLI without writing files to disk. Creates items and converts LastPass folders to vaults.
python main.py [--items, -i]
# Executes the script (vault_item_import.py) with the export.csv file located on local machine
python main.py [--items, -i] --file=path_to_csv_file
# Executes the script (vault_item_import.py) skipping credentials from Shared folders
python main.py [--items, -i] --ignore-sharedYou can alternatively use this set of scripts to only convert LastPass folders to 1Password vaults without importing your LastPass items. This takes as its input either a LastPass export .csv based on the grouping columng, or accepts data directly from the LastPass CLI.
This script is a good accompaniment to the the LastPass importer at 1Password.com. For example, if you are responsible for migrating a large number of shared LastPass items and folders, you might consider:
- Export all items and folders you are responsible for from LastPass.
- Use the web importer to import the LastPass data. This data will end up in a single 1Password vault. Each item will be tagged with the LastPass folder that previously contained it.
- Run this script such that it only creates 1Password vaults from your LastPass Folders using either the
.csvexported from LastPass or the LastPass CLI. - Using 1Password's desktop application, select all items associated with a given tag and move them to the vault of the same name.
- Log into 1Password.com and grant the people or groups access to each vault and set their permissions as needed.
# Executes the script in Folder Only mode (folder_migrate.py), ingesting data directly from LastPass CLI without writing files to disk.
python main.py [--folders, -f]
# Executes the script in Folder Only mode (folder_migrate.py) with export.csv file located on local machine
python main.py [--folders, -f] --file=path_to_csv_file
# Executes the script in Folder Only mode (folder_migrate.py), skipping Shared folders
python main.py [--folders, -f] --ignore-shared- Running the script with the folder only option does not create items in 1Password.
- Running the script with the folder only option will not create multiple vaults of the same name. If you have two LastPass folders with the same name, only one 1Password vault will be created.
- 1Password does not have the concept of nested vaults. If you have nested LastPass folders, they will be created as their own 1Password vault and will be a sibling to their parent.
If you do not feel comfortable or are unable to run scripts on your device, or you prefer a simpler solution to migrating your items from LastPass to 1Password, 1Password offers a fast, reliable, and secure importer for your LastPass data, which you can access by logging into your 1Password account.
Our browser based importer will handle multiple item types. This import script will only import login items (LastPass "sites") and will disregard all other item types (e.g., Credit Cards, Secure Notes, etc). You should also use the browser-based importer if you want to import different types of items, as this script only handles LastPass "site"/login items and disregards all other item types.
You can learn more about importing your items from LastPass using our browser-based importer here: https://support.1password.com/import-lastpass/
Note that unlike the browser-based importer, this script will create vaults for any LastPass folders you are migrating, and items will be created in the 1Password vault the corresponds to it's containing LastPass folder.
Note that 1Password does not have the concept of nested vaults. If you have nested LastPass folders, they will be created as their own 1Password vault, and will be a sibling to their parent. Vault names reflect the original hierarchy and will have a name similar to parent_child
This script only migrates LastPass Sites, Credit Card items, Bank Account items, and Secure Note items. Other types of secure notes will have to be migrated by other means.
Migrations will not include TOTP secrets when LastPass CLI is the data source. The LastPass CLI does not include TOTP secrets in it's exports. Therefore if you use the CLI->CLI migration mode, you will have to manually migrate your TOTP secrets.
This script will substitute underscore _ characters for \ or / in Folder Names for compatibility with the 1Password CLI and Secret References.
The LastPass export is unencrypted. As such, additional precuations are necessary to maintain the confidentiality of the data in your exports. This script has the ability to read data directly from the LastPass CLI, avoiding writing secrets to disk.
However, if you cannot use the LastPass CLI and must provide a .csv file from your local computer, prior to exporting your LastPass data, consider the following steps:
- Ensure you are using a computer you trust and which you do not suspect of being compromised in any way.
- Disable all backup software prior to exporting your LastPass data.
- Delete the LastPass export file immidately after running this script.
- Re-enable any backup software you were previously running.
Please note that there is no mechanism to migrate other users' private LastPass items on their behalf. This means if you are part of an organization, each of your team members will have to migrate their own private LastPass data to their 1Password account. For this, we strongly recommend the LastPass importer at 1Password.com.
The LastPass exporter may include all shared folders a user has access to. This means shared folders my appear in multiple people's LastPass exports. To avoid duplicating shared items and vaults upon migration, you may want to coordinate who migrates shared folders. For example, you may delegate the migration specific shared folders to certain people, or all shared folders to a single administrator. You may want to revoke other people's access to shared folders during the migration to avoid them showing up in multiple people's exports and ensure that each shared folder and it's items are migrated exactly one time.
After running this import script, you will need to grant groups and individuals access to any shared vaults they should have access to and set their permissions appropriately. For information about vault permissions in 1Password see Create, share, and manage vaults in your team (for Business customers) and Create and share vaults (for 1Password Families customers).
If you encounter any bugs, odd behaviour, or have suggestions for enhancements, please open an issue and we will consider your suggestion.