Secure Password storage for bash scripts on MacOS

Simple Passwords

If the secure key is only a short text string, the only thing you need is:

security add-generic-password -a $USER -s name-of-the-note \
-w "PASSWORD"
mysql --user=user_name \
--
password \
$(security find-generic-password -a $USER -s name-of-a-note -w)

Complex multiline password files

Sometimes you might have a file (e.g. htpasswd) with multiple passwords on multiple lines.

$ security find-generic-password -a $USER -C note \
-s name-of-the-note -w
75736572313a61363039333136373638363139663135346566353864623464383437623735650a75736572323a6635323264316437313539373030373361363431333437346361306530663633
$ security find-generic-password -a $USER -C note \
-s name-of-the-note -w | xxd -r -p -
user1:a609316768619f154ef58db4d847b75e
user2:f522d1d715970073a6413474ca0e0f63
security delete-generic-password -a $USER \
-s name-of-the-note -w
security add-generic-password -a $USER -s name-of-the-note -C note \
-w "$(cat passwords.txt)"

Conclusion

The MacOS keychain is an easy solution with a graphical user interface to handle any kind of secret and allows to get a usability similar to normal applocations.

--

--

Fast-track professional successful in the design, development and deployment of technology strategies and policy. Experienced leading Internet and IS operations

Love podcasts or audiobooks? Learn on the go with our new app.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Andreas Heissenberger

Andreas Heissenberger

Fast-track professional successful in the design, development and deployment of technology strategies and policy. Experienced leading Internet and IS operations