diff --git a/skyvern/forge/sdk/services/bitwarden.py b/skyvern/forge/sdk/services/bitwarden.py
index 94b68c0d..20c2946a 100644
--- a/skyvern/forge/sdk/services/bitwarden.py
+++ b/skyvern/forge/sdk/services/bitwarden.py
@@ -1,5 +1,6 @@
 import json
 import os
+import re
 import subprocess
 from enum import StrEnum
 
@@ -16,6 +17,11 @@ from skyvern.exceptions import (
 LOG = structlog.get_logger()
 
 
+def is_valid_email(email: str) -> bool:
+    pattern = r"^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$"
+    return re.match(pattern, email) is not None
+
+
 class BitwardenConstants(StrEnum):
     CLIENT_ID = "BW_CLIENT_ID"
     CLIENT_SECRET = "BW_CLIENT_SECRET"
@@ -161,8 +167,21 @@ class BitwardenService:
                 if "login" in item
             ]
 
-            # Todo: Handle multiple credentials, for now just return the last one
-            return credentials[-1] if credentials else {}
+            if len(credentials) == 0:
+                return {}
+
+            if len(credentials) == 1:
+                return credentials[0]
+
+            # Choose multiple credentials according to the defined rule,
+            # if no cred matches the rule, return the first one.
+            # TODO: For now hard code to choose the first valid email username
+            for cred in credentials:
+                if is_valid_email(cred.get(BitwardenConstants.USERNAME, "")):
+                    return cred
+
+            LOG.warning("No credential in Bitwarden matches the rule, returning the frist match")
+            return credentials[0]
         finally:
             # Step 4: Log out
             BitwardenService.logout()