The login item template that is retrieved using the command bw get template item.login consists of the following data:
{"fido2Credentials":
[{"credentialId":"keyId",
"keyType":"keyType",
"keyAlgorithm":"keyAlgorithm",
"keyCurve":"keyCurve",
"keyValue":"keyValue",
"rpId":"rpId",
"userHandle":"userHandle",
"userName":"userName",
"counter":"counter",
"rpName":"rpName",
"userDisplayName":"userDisplayName",
"discoverable":"false",
"creationDate":null}],
"uris":[],
"username":"jdoe",
"password":"myp@ssword123",
"totp":"JBSWY3DPEHPK3PXP"
}
As you can see, the default template includes a dummy TOTP secret (JBSWY3DPEHPK3PXP). Therefore, unless you set the .totp field to null before you create a new login item, the new item will contain this default secret key.