Goodboy for Mac

A local Mac app that routes credentials between browsers, native password managers, and local vaults.

Requires macOS 26 (Tahoe) or later.

All Items
Sources
All Items
iCloud iCloud 260
Brave Brave 2
Chrome — Smart Home Chrome — Smart Home 30
Edge Edge 1
Opera Opera 1
Chrome — Personal Chrome — Personal 11
Chrome — john@gboy.app Chrome — john@gboy.app 6
Chrome — Work Chrome — Work 1
1Password 1Password 1
Bitwarden Bitwarden 642
ProtonPass ProtonPass 618
KeePass CLI — Passwords... KeePass CLI — Passwords... 86
KeePass CLI — Passwords3... KeePass CLI — Passwords3... 1
Filters
All Items 1,660
Has OTP 142
Passkeys 38
Name Username Password Source
appleid.apple.com
john… ••••••••••••• Smart Home
appleid.apple.com
john… KeePass CLI
argos.co.uk
john… ••••••••••••• KeePass CLI
chat.openai.com
john… ••••••••••••• Smart Home
cloud.digitalocean.com
john… ••••••••••••• Smart Home
cloud.digitalocean.com
john… ••••••••••••• KeePass CLI
console.aws.amazon.com
john… ••••••••••••• Smart Home
console.aws.amazon.com
john… ••••••••••••• KeePass CLI
dash.cloudflare.com
john… ••••••••••••• Smart Home
dashboard.stripe.com
john… ••••••••••••• Smart Home
discord.com
john… ••••••••••••• Smart Home
discord.com
john… ••••••••••••• KeePass CLI
dropbox.com
john@gboy.app ••••••••••••• Smart Home
ebay.com
john@gboy.app ••••••••••••• Smart Home
facebook.com
john@gboy.app ••••••••••••• Smart Home
gboy.app
john@gboy.app KeePass CLI
github.com
john@gboy.app ••••••••••••• Smart Home
github.com
john@gboy.app ••••••••••••• KeePass CLI
github.com
john@gboy.app KeePass CLI
gitlab.com
john@gboy.app ••••••••••••• Smart Home
[14:48:54] OK: Deleted 3 items from SecuredBox
Export to...
1,660 credentials
Apple Passwords
Apple Passwords
Chrome
Chrome
johnthegoodboy-work@gmail.com
Chrome
Chrome
johnthegoodboy@gmail.com
Chrome
Chrome
johnthegoodboy-work2@gmail.com
Chrome
Chrome
johnthegoodboy2@gmail.com
KeePass CLI
KeePass CLI
Passwords.kdbx
KeePass CLI
KeePass CLI
Passwords3.kdbx
Bitwarden JSON
Bitwarden JSON

Read from a source device, stage the transfer in SecuredBox, then write to compatible destination devices.

01. Setup Device Setup

Browsers

No password to type here — Chrome already stored its encryption key in the macOS Keychain when the user first signed in. Click Connect in device settings and Goodboy asks the OS for permission to read that key. One Touch ID or macOS password prompt on first access; silent thereafter.

iCloud

In the Passwords app, choose File → Export All Passwords and select Goodboy. The system launches the app with an NSUserActivity of type ASCredentialExchangeActivity carrying a one-shot UUID token; Goodboy redeems it with ASCredentialImportManager. Apple mediates the exchange — no credential data touches the file system, no clipboard, no CSV.

KeePassXC

Enter the master password for the .kdbx database. Goodboy auto-detects which database to use from KeePassXC's recently-opened list. If the database uses a key file, provide the path.

ProtonPass

Install the CLI: brew install protonpass/tap/pass-cli. These are regular Proton credentials:

  • Proton email + password (required).
  • 2FA code (if enabled) — one-time, never saved.
  • Mailbox password (rare) — two-password mode accounts only.

Bitwarden

Install the CLI: brew install bitwarden-cli. Then in device settings:

  • Master password (required) — the same password used at vault.bitwarden.com.
  • API Client ID + Secret — at vault.bitwarden.com → Settings → Security → Keys.
  • Server URL (optional) — for .eu or self-hosted vaults.

1Password

  1. Open 1Password → Settings → Developer.
  2. Enable "Integrate with 1Password CLI".
  3. Click Connect in Goodboy and approve the biometric prompt.

The 1Password desktop app must be running during the transfer — it brokers authentication, so Goodboy never sees the master password. The op CLI is a separate install: brew install 1password-cli.

For headless use (CLI, MCP), authenticate with a service account token instead — created at start.1password.com → Developer Tools → Service Accounts. The token (starts with ops_) is shown once.