Reading Keychain Passwords from the Command Line


Apple's Keychain is a nice way to store your passwords in an encrypted database. Apple provides the Keychain Access GUI application to view and manage passwords. You can do all sorts of cool stuff with it, like have multiple keychains for extra security. I just found out you can also view and manage passwords from the command line using the security(1) tool. It's got a lot of subcommands and options, but here's the syntax if you want to find the password for an IMAP email account:

% security find-internet-password -g -r imap -a <ACCOUNT> -s <SERVER>

The -g option is what makes the tool display the password; without it you only get the item's attributes. You can replace "imap" with other protocols like "https" to access Web passwords. One issue is that it will prompt you for access to the keychain using the standard "Deny", "Allow Once", "Always Allow" GUI dialog. This makes it somewhat useless during remote access. However, if you click on "Always Allow", the command line tool can read the password for that one account on all future invocations without a dialog. Keep in mind that the grant is given to the security tool itself, so any script running under your login that calls it can read that password without a prompt. A second issue is that it prints the password to standard error. So if you're using it from a script, be sure to redirect standard error to standard output:

output = `security find-internet-password ... 2>&1`
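As an added example (not code from the original post), here is one way to pull the password out of that output in Ruby while keeping standard output and standard error apart instead of merging them. It assumes the tool writes a line of the form password: "..." to standard error, or password: 0x<hex> followed by an escaped rendering when the password is not plain ASCII; the function names and sample strings are hypothetical and constructed for illustration.

```ruby
require "open3"

# Constructed samples of the standard-error text assumed above: a quoted form
# for plain ASCII passwords and a hex form for passwords with other bytes.
SAMPLE_ASCII = %(password: "s3cret-example"\n)
SAMPLE_HEX   = %(password: 0x70C3A47373  "p\\303\\244ss"\n)

# Extract the password from the tool's standard-error text.
# Returns nil when no password line is present (for example, access denied).
def parse_keychain_password(stderr_text)
  stderr_text.each_line do |line|
    case line.chomp
    when /\Apassword: 0x([0-9A-Fa-f]+)/
      # Hex form: decode the raw bytes and treat them as UTF-8.
      return [$1].pack("H*").force_encoding("UTF-8")
    when /\Apassword: "(.*)"\z/
      return $1
    end
  end
  nil
end

# Hypothetical helper: run security(1) with stdout and stderr captured
# separately, so the attribute dump on stdout never mixes with the secret.
# Arguments are passed as an array, so no shell parses the account or server.
def imap_password(account, server)
  _attrs, err, status = Open3.capture3(
    "security", "find-internet-password", "-g",
    "-r", "imap", "-a", account, "-s", server
  )
  return nil unless status.success?
  parse_keychain_password(err)
end

if __FILE__ == $PROGRAM_NAME
  # Runs offline on the constructed samples; prints lengths, never the secret.
  [SAMPLE_ASCII, SAMPLE_HEX].each do |sample|
    pw = parse_keychain_password(sample)
    puts "parsed a #{pw.length}-character password"
  end
end
```

Capturing the two streams separately also means the password never ends up in whatever log or variable receives the attribute listing.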

About this Entry

This page contains a single entry by Dave published on January 16, 2006 1:00 PM.
