Command line access to the Mac Keychain with keyring
source link: https://akrabat.com/command-line-access-to-the-mac-keychain-with-keyring/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Command line access to the Mac Keychain with keyring
While reading Alex Chan’s post about experimenting with the Flickr API, I noticed the call out to keyring by Jason Coombs for accessing the macOS Keychain.
The built-in app: security
The built-in way to access the keychain from the command line is /usr/bin/security:
To create a password:
$ security add-generic-password -s FlickrAPI -a rodeo -w redacted-key
Note that you need to include the password on the command line in clear test, so it’s now in your history unless you remembered to include a space before security.
Then, to retrieve it:
$ security find-generic-password -s FlickrAPI -a rodeo -w redacted-key
Not especially difficult, but not the easiest to remember.
Keyring makes it simpler
To set a password using keyring:
$ keyring set FlickrAPI caledonia Password for 'caledonia' in 'FlickrAPI':
It doesn’t display your password as you enter it, so no history issues to worry about.
Again, retrieving is simpler too:
$keyring get FlickrAPI rodeo redacted-key
Rather usefully, it also works on Windows and Linux in addition to Mac, utilising the appropriate backend. You can even use it with other backends.
As with Alex’s use-case, I can see how this is a nice tool for using in CLI scripts to get access to API keys or other secrets while keeping them secure.
This article was posted on 23 April 2024 in Command Line, Computing
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK