Jump to content

Can Alfred search the Mac Keychain


gthiruva

Recommended Posts

  • 2 weeks later...
  • 4 years later...

URL schemes are poor man's automation used by iOS developers. AppleScript dictionaries is where it's at!

 

Unfortunately, Keychain Access doesn't have one of those either :(

 

Realistically, I think your best bet is "generic" AppleScript automation to simulate the input:

 

tell application "Keychain Access"

    activate

    delay 0.5 -- wait for app to open/activate

    tell application "System Events"

        keystroke "f" using {command down, option down} -- ensure search bar is focussed

        keystroke "my search terms" -- enter search query

    end tell

end tell

 

Link to comment

AppleScript's "KeyChain Access" is pretty terrible.  However, the kind bloke(s) at Red-Sweater software (maker of FastScripts) have made a scripting addition aptly referred to as the Usable Keychain Scripting

 

It allows you to search using whose filters as with other enumerated AppleScript collections, e.g.

 

tell application "Usable Keychain Scripting" to tell ¬

        the current keychain to get the ¬

        password of every internet password ¬

        whose name contains "google.com"

Edited by CJK
Link to comment

Are such additions also usable via JXA?

 

It's a lot easier to generate Script Filter JSON from JS than from AppleScript, which is presumably what you'd want to do (i.e. show the results in Alfred).

 

If you're messing about with passwords, this pasteboard script might be helpful. It marks the pasteboard data as "concealed", which Alfred's own Copy to Clipboard doesn't do. That's important to stop clipboard managers remembering the password.

 

Link to comment
On 10/6/2018 at 7:46 PM, deanishe said:

Are such additions also usable via JXA?

 

Yes, e.g.:

 

var app = Application('Usable Keychain Scripting')

app.currentKeychain.keychainItems.whose({name: {_contains: 'CK'} })()

 

I don't have Mojave but I'm hearing lots and lots of reports that it's ballsed everything up for AppleScripters, particularly as it no longer permits the use of scripting additions (people wonder why I never use them, and this is why).  However, as the Usable Keychain Scripting is an application, it can be scripted just like any other scriptable application that one downloads.

Link to comment
  • 3 weeks later...
On 10/6/2018 at 7:14 PM, CJK said:

AppleScript's "KeyChain Access" is pretty terrible.  However, the kind bloke(s) at Red-Sweater software (maker of FastScripts) have made a scripting addition aptly referred to as the Usable Keychain Scripting

 

It allows you to search using whose filters as with other enumerated AppleScript collections, e.g.

 

tell application "Usable Keychain Scripting" to tell ¬

        the current keychain to get the ¬

        password of every internet password ¬

        whose name contains "google.com"

This is very cool!

 

I have been unable to figure out the scripting to access "Web form password" (Keychain parlance) which is what all the passwords I want to search are stored as. Basically, website passwords.

 

Also, I recently discovered - likely somewhat belatedly - that I can copy the password of a keychain item by selecting its row and using the context menu. No need to open the item, unlock, select text, copy - which is what I have been doing for decades! Oops.

Link to comment
On 10/29/2018 at 12:10 PM, gingerbeardman said:

I have been unable to figure out the scripting to access "Web form password"

 

Web form passwords aren't part of the accessible keychain, either through Usable Keychain Scripting or regular Keychain Access apple scripting, or even through bash security program.  I believe those are stored in the iCloud keychain, and not the login keychain.  Such a pain, but possibly good from a security standpoint.

Link to comment
  • 2 weeks later...
  • 2 months later...

So I finally put together a workaround for this using UI scripting.

 

https://www.gingerbeardman.com/alfred/Search Keychain.alfredworkflow

 

  1. Accept keyword and argument
  2. Launch Keychain Access via Alfred Workflow
  3. AppleScript focus search box, enter argument, copy password prompt, quit Keychain Access
  4. (user enter password and confirm)

The core of it is the AppleScript:

on alfred_script(q)
	activate application "Keychain Access"
	tell application "System Events"
		tell process "Keychain Access"
			set value of text field 1 of group 2 of toolbar 1 of window "Keychain Access" to q
			click button 1 of text field 1 of group 2 of toolbar 1 of window "Keychain Access"
			click menu item "Copy Password to Clipboard" of menu 1 of menu bar item "Edit" of menu bar 1
		end tell
	end tell
	quit application "Keychain Access"
end alfred_script

 

Edited by gingerbeardman
Link to comment

Thanks gingerbeardman!!  I was able to tweak yours just a bit to get it working with Mojave.  Quick question.  Do you know of a way to pass in an account with a service/platform to filter results? It tends to be sorted alphabetically if I just pass in "google.com" for example.  Trying to filter out specific accounts.

Link to comment
  • 3 weeks later...
On 1/21/2019 at 7:41 PM, gingerbeardman said:

So I finally put together a workaround for this using UI scripting.

 

https://www.gingerbeardman.com/alfred/Search Keychain.alfredworkflow

 

  1. Accept keyword and argument
  2. Launch Keychain Access via Alfred Workflow
  3. AppleScript focus search box, enter argument, copy password prompt, quit Keychain Access
  4. (user enter password and confirm)

The core of it is the AppleScript:


on alfred_script(q)
	activate application "Keychain Access"
	tell application "System Events"
		tell process "Keychain Access"
			set value of text field 1 of group 2 of toolbar 1 of window "Keychain Access" to q
			click button 1 of text field 1 of group 2 of toolbar 1 of window "Keychain Access"
			click menu item "Copy Password to Clipboard" of menu 1 of menu bar item "Edit" of menu bar 1
		end tell
	end tell
	quit application "Keychain Access"
end alfred_script

 

 

I have to modify "group 2" to "group 1" to make it work on Mojave

Link to comment
  • 3 weeks later...

Sorry for the late response!

 

Interesting the UI has changed in Mojave. A better way to do it in this instance, that will work in Mojave and earlier, is to say "last group" rather than "group X". I've changed the workflow to do this.

 

Next, I have modified the workflow (same download) to have two keywords:

 

pw = automatically copy first matching password (as it was before)

kc = search and display all matches (I often use this)

 

On 1/21/2019 at 6:38 PM, rapatt said:

Thanks gingerbeardman!!  I was able to tweak yours just a bit to get it working with Mojave.  Quick question.  Do you know of a way to pass in an account with a service/platform to filter results? It tends to be sorted alphabetically if I just pass in "google.com" for example.  Trying to filter out specific accounts.

I do not know how to filter search from the search field.

 

One thing that helps is if you set your default column sorts in Keychain before you use this workflow.

 

- click column header "Kind" (arrow points down = descending)

 

this gives me a list with web form passwords at the top, a good match for use with "pw" keyword

 

Another alternative is to create a new set of keychain entries for commonly searched for passwords with unique/shortcut names.

 

Let me know how you get on!

 

 

Edited by gingerbeardman
Link to comment
  • 7 months later...

@gingerbeardman Thanks for this great workflow, this is exactly what I needed!
Are there any new developments since?

I was looking at your script and have a suggestion which might be less prone to changes in the UI.

You could replace the search/input part:

set value of text field 1 of group 2 of toolbar 1 of window "Keychain Access" to q
click button 1 of text field 1 of group 2 of toolbar 1 of window "Keychain Access"


To something like this, using the menu bar instead:

click menu item "Find" of first menu of menu bar item "Edit" of first menu bar
keystroke q

 

Link to comment
  • 1 month later...
  • 1 year later...

Alright, I played with it and changes just minor things, and ended up with a version that works well for me.

 

http://files.timbru.com/alfred/Search Keychain.alfredworkflow

 

Some changes:

  • Works on Big Sur
  • Keyword ka without a parameter just launches Keychain Access
  • Keyword ka with a parameter will launch Keychain Access and search for the keyword
  • Using the Cmd+Shift modifier will copy the first search result, e.g. similar to the Keychain Access built-in behaviour
  • Using the Cmd modifier will launch Keychain Access. Now that I type this, not sure if needed, I'll probably remove it. 

I hope it's useful to others.

Have a nice day. 

alfred-copy-pw.gif

Link to comment

@gr8 off topic but:  what keystroke visualizer did you use for that screen recording? It doesn't look like any of the ones I know of:

Also slightly OT but, for quick retreival of encrypted secrets, I'm very happy with Bitwarden + blacs30/bitwarden-alfred-workflow. May be safer/faster than this scripting addition which seems to have been last updated in 2011.
 
Link to comment
  • 1 month later...
On 12/11/2020 at 5:09 PM, luckman212 said:

@gr8 off topic but:  what keystroke visualizer did you use for that screen recording?

 

It was added with Camtasia, they have built in annotation feature. 

Link to comment
  • 4 weeks later...
On 12/11/2020 at 4:09 PM, luckman212 said:

 May be safer/faster than this scripting addition which seems to have been last updated in 2011.

Seriously?

 

I take offence at the viewpoint that if something hasn't been updated recently it must be bad/broken/untrustworthy.

 

You may not be talking about my workflow, but:

 

  • My workflow was created in 2019
  • It does not use a scripting addition
  • It still works without issue (for me; I use it daily) and that's why it has not been updated
  • It just automates user interactions, so there is no inherent unsafeness about it
  • And it's very fast, not slow at all

 

HTH

 

Edited by gingerbeardman
Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...