Rob Allen

Pragmatism in the real world

Command line access to the Mac Keychain with keyring

While reading Alex Chan’s post about experimenting with the Flickr API, I noticed the call out to keyring by Jason Coombs for accessing the macOS Keychain.

The built-in app: security

The built-in way to access the keychain from the command line is /usr/bin/security:

To create a password:

$ security add-generic-password -s FlickrAPI -a rodeo -w redacted-key

Note that you need to include the password on the command line in clear test, so it’s now in your history unless you remembered to include a space before security.

Then, to retrieve it:

$ security find-generic-password -s FlickrAPI -a rodeo -w
redacted-key

Not especially difficult, but not the easiest to remember.

Keyring makes it simpler

To set a password using keyring:

$ keyring set FlickrAPI caledonia
Password for 'caledonia' in 'FlickrAPI':

It doesn’t display your password as you enter it, so no history issues to worry about.

Again, retrieving is simpler too:

$keyring get FlickrAPI rodeo
redacted-key

Rather usefully, it also works on Windows and Linux in addition to Mac, utilising the appropriate backend. You can even use it with other backends.

As with Alex’s use-case, I can see how this is a nice tool for using in CLI scripts to get access to API keys or other secrets while keeping them secure.

This article was posted on in Command Line, Computing

Search

I'm Rob Allen, a software consultant and engineering leader, concentrating on HTTP APIs. A proponent of Open Source, I maintain rst2pdf and Slim Framework, and contribute to Apache OpenWhisk amongst other OSS projects.

I live in the UK, run 19FT and publish Daily Jotter for Mac. I am a public speaker and wrote Zend Framework in Action.

Follow

Nineteen Feet Limited logo

Books I've written

Zend Framework in Action book cover
C++Builder 5 Developer's Guide book cover