Goodboy makes
passwords flow.

A Mac app and MCP server that moves credentials between iCloud Keychain, Chrome, KeePassXC, and other password stores.

Download for Mac GitHub

The people who need Goodboy usually have the same setup: iCloud on the iPhone, Chrome on the Mac, maybe KeePassXC as a local backup. That is exactly where mainstream managers stop being helpful: passkeys get stranded, TOTP seeds do not make the trip, and you end up exporting a CSV and hoping you remember to delete it.

Goodboy takes a different path. It reads and writes Chrome's local database on your Mac, imports and exports Apple's passkeys and OTP data, and exposes KeePassXC, Bitwarden, 1Password, ProtonPass, and the rest over MCP. 1Password and Bitwarden built MCP servers for their own vaults; Goodboy is the bridge for the sources that still did not have one: Chrome's local database, iCloud Keychain, KeePassXC, and ProtonPass.

All Items
Sources
All Items
iCloud iCloud 260
Brave Brave 2
Chrome — Smart Home Chrome — Smart Home 30
Edge Edge 1
Opera Opera 1
Chrome — Personal Chrome — Personal 11
Chrome — john@gboy.app Chrome — john@gboy.app 6
Chrome — Work Chrome — Work 1
1Password 1Password 1
Bitwarden Bitwarden 642
ProtonPass ProtonPass 618
KeePass CLI — Passwords... KeePass CLI — Passwords... 86
KeePass CLI — Passwords3... KeePass CLI — Passwords3... 1
Filters
All Items 1,660
Has OTP 142
Passkeys 38
Name Username Password Source
appleid.apple.com
john… ••••••••••••• Smart Home
appleid.apple.com
john… KeePass CLI
argos.co.uk
john… ••••••••••••• KeePass CLI
chat.openai.com
john… ••••••••••••• Smart Home
cloud.digitalocean.com
john… ••••••••••••• Smart Home
cloud.digitalocean.com
john… ••••••••••••• KeePass CLI
console.aws.amazon.com
john… ••••••••••••• Smart Home
console.aws.amazon.com
john… ••••••••••••• KeePass CLI
dash.cloudflare.com
john… ••••••••••••• Smart Home
dashboard.stripe.com
john… ••••••••••••• Smart Home
discord.com
john… ••••••••••••• Smart Home
discord.com
john… ••••••••••••• KeePass CLI
dropbox.com
john@gboy.app ••••••••••••• Smart Home
ebay.com
john@gboy.app ••••••••••••• Smart Home
facebook.com
john@gboy.app ••••••••••••• Smart Home
gboy.app
john@gboy.app KeePass CLI
github.com
john@gboy.app ••••••••••••• Smart Home
github.com
john@gboy.app ••••••••••••• KeePass CLI
github.com
john@gboy.app KeePass CLI
gitlab.com
john@gboy.app ••••••••••••• Smart Home
[14:48:54] OK: Deleted 3 items from SecuredBox
Export to...
1,660 credentials
Apple Passwords
Apple Passwords
Chrome
Chrome
johnthegoodboy-work@gmail.com
Chrome
Chrome
johnthegoodboy@gmail.com
Chrome
Chrome
johnthegoodboy-work2@gmail.com
Chrome
Chrome
johnthegoodboy2@gmail.com
KeePass CLI
KeePass CLI
Passwords.kdbx
KeePass CLI
KeePass CLI
Passwords3.kdbx
Bitwarden JSON
Bitwarden JSON

The Native Paradox

There's a reason Apple Passwords feels more natural on Safari than any third-party extension, and it's the same reason Google's password manager works better on Chrome and Android. The native managers are built into the operating system and the browser. Everything else is bolted on from outside.

The gap is architectural, not effort. Natives get privileged access to hardware security modules, UI frameworks, form parsing, and authentication pipelines. Third-party managers (Bitwarden, 1Password, Dashlane) reach the same surfaces through mediated public APIs — with intentional limitations built in.

Read the full breakdown →

Under the hood.
Three technical choices that set Goodboy apart.

Chrome decryption

AES-256-GCM SQLite, Safe Storage key from the macOS Keychain, dual-table sync mode across six Chromium browsers.

iCloud passkey catch

Apple's system hands the app a one-shot token via ASCredentialExchangeActivity; Goodboy redeems it with ASCredentialImportManager and writes straight into KeePassXC. Solves KeePassXC issue #11363 from the outside.

Bidirectional CXP

Most tools treat Apple's Credential Exchange Protocol as read-only. Goodboy writes back too — passkeys, passwords, and OTP seeds, both directions.

Not a vault.
A credential routing layer.

Credentials come in, move across systems, and leave. SecuredBox holds them in RAM only, cleared on quit, on explicit clear, or at flow end. Nothing stays behind.

The App.
Free. Native. Yours.

A free macOS app. Pick a source, pick a destination, Goodboy handles the rest. Browsers and KeePassXC auto-discover; password managers with their own CLI take a one-time setup.

Download for Mac

The MCP Server.
Credentials for agents.

1Password and Bitwarden ship MCP servers for their own vaults. Goodboy's server also reaches Chrome's local SQLite, iCloud Keychain, and KeePassXC — sources most credential MCP servers do not expose.

MCP Server
Coming Soon

Pro.
The Native Paradox, resolved.

Your top passwords, auto-synced between iCloud and Google. Headless Chrome write, single-item iCloud sync, AI-powered import, SecuredBox editing.

Buy once, own it forever.