Secure Text Entry

[Terminal]

Utilizing Alfred amazing launcher abilities, I've got a few workflows that include passing a password to a command, because I didn't want to type decrypt XXXXXXX (Password) I use a Applescript to prompt me for a secure entry dialog and pass that to my commands, any way to add a "Secure Entry" object that is configured to mask input and strip from debug logs ?

[vitor]

Isn’t using the Keychain an option? You can save password there and read them back with the security CLI tool (bundled with macOS). It’s the method I use to save/read API keys in my Workflows.

[Terminal]

1 hour ago, vitor said:

Isn’t using the Keychain an option? You can save password there and read them back with the security CLI tool (bundled with macOS). It’s the method I use to save/read API keys in my Workflows.

Does this prompt you for your password or is it functional without those prompts ?

[vitor]

2 hours ago, Terminal said:

Does this prompt you for your password or is it functional without those prompts ?

 

If your Keychain is locked, it will prompt you for your account password (to unlock the Keychain). If it is unlocked, it returns the password (or other information you request) without needing anything else.

But it does require that you add your passwords beforehand, which is why I asked if it was an option.

Examples, from PinPlus:

• To add the Pinboard token to the Keychain as a password (could also do it via the GUI): security add-generic-password -a <ACCOUNT NAME> -s 'Pinboard API Token' -w <TOKEN>
• To output the password (e.g. as input to a variable): security find-generic-password -s 'Pinboard API Token' -w
• To delete the entry: security delete-generic-password -s 'Pinboard API Token'

 

Pinboard API Token in the examples could be anything, it’s a descriptor to interact with the specific entry.

[Terminal]

4 minutes ago, vitor said:

 

If your Keychain is locked, it will prompt you for your account password (to unlock the Keychain). If it is unlocked, it returns the password (or other information you request) without needing anything else.

But it does require that you add your passwords beforehand, which is why I asked if it was an option.

Examples, from PinPlus:

• To add the Pinboard token to the Keychain as a password (could also do it via the GUI): security add-generic-password -a <ACCOUNT NAME> -s 'Pinboard API Token' -w <TOKEN>
• To output the password (e.g. as input to a variable): security find-generic-password -s 'Pinboard API Token' -w
• To delete the entry: security delete-generic-password -s 'Pinboard API Token'

 

 

Pinboard API Token in the examples could be anything, it’s a descriptor to interact with the specific entry.

this might be perfect actually ! Thanks for the idea. 

[deanishe]

7 hours ago, Terminal said:

Does this prompt you for your password or is it functional without those prompts ?

 

As a rule, you don't have to enter your password. Your Keychain is unlocked on login, and the software that saves a password automatically has access to it. You should be asked for your password and to allow access to an item if your workflow tries to read an item saved by another program.

 

You likely don't need to mess around with /usr/bin/security directly, either. wf.Keychain.Get() and wf.Keychain.Set().

Edited January 16, 2020 by deanishe