Terminal Posted January 15, 2020 Posted January 15, 2020 Utilizing Alfred amazing launcher abilities, I've got a few workflows that include passing a password to a command, because I didn't want to type decrypt XXXXXXX (Password) I use a Applescript to prompt me for a secure entry dialog and pass that to my commands, any way to add a "Secure Entry" object that is configured to mask input and strip from debug logs ?
vitor Posted January 15, 2020 Posted January 15, 2020 Isn’t using the Keychain an option? You can save password there and read them back with the security CLI tool (bundled with macOS). It’s the method I use to save/read API keys in my Workflows.
Terminal Posted January 16, 2020 Author Posted January 16, 2020 1 hour ago, vitor said: Isn’t using the Keychain an option? You can save password there and read them back with the security CLI tool (bundled with macOS). It’s the method I use to save/read API keys in my Workflows. Does this prompt you for your password or is it functional without those prompts ?
vitor Posted January 16, 2020 Posted January 16, 2020 2 hours ago, Terminal said: Does this prompt you for your password or is it functional without those prompts ? If your Keychain is locked, it will prompt you for your account password (to unlock the Keychain). If it is unlocked, it returns the password (or other information you request) without needing anything else. But it does require that you add your passwords beforehand, which is why I asked if it was an option. Examples, from PinPlus: To add the Pinboard token to the Keychain as a password (could also do it via the GUI): security add-generic-password -a <ACCOUNT NAME> -s 'Pinboard API Token' -w <TOKEN> To output the password (e.g. as input to a variable): security find-generic-password -s 'Pinboard API Token' -w To delete the entry: security delete-generic-password -s 'Pinboard API Token' Pinboard API Token in the examples could be anything, it’s a descriptor to interact with the specific entry.
Terminal Posted January 16, 2020 Author Posted January 16, 2020 4 minutes ago, vitor said: If your Keychain is locked, it will prompt you for your account password (to unlock the Keychain). If it is unlocked, it returns the password (or other information you request) without needing anything else. But it does require that you add your passwords beforehand, which is why I asked if it was an option. Examples, from PinPlus: To add the Pinboard token to the Keychain as a password (could also do it via the GUI): security add-generic-password -a <ACCOUNT NAME> -s 'Pinboard API Token' -w <TOKEN> To output the password (e.g. as input to a variable): security find-generic-password -s 'Pinboard API Token' -w To delete the entry: security delete-generic-password -s 'Pinboard API Token' Pinboard API Token in the examples could be anything, it’s a descriptor to interact with the specific entry. this might be perfect actually ! Thanks for the idea.
deanishe Posted January 16, 2020 Posted January 16, 2020 (edited) 7 hours ago, Terminal said: Does this prompt you for your password or is it functional without those prompts ? As a rule, you don't have to enter your password. Your Keychain is unlocked on login, and the software that saves a password automatically has access to it. You should be asked for your password and to allow access to an item if your workflow tries to read an item saved by another program. You likely don't need to mess around with /usr/bin/security directly, either. wf.Keychain.Get() and wf.Keychain.Set(). Edited January 16, 2020 by deanishe
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now