Popular:
 Building Resilient Systems on AWS: Learn how to design and implement a resilient, highly available, fault-tolerant infrastructure on AWS.

Get Keychain Passwords from Command Line

By  on  

One of my favorite command line utilities is Guillermo Rauch's wifi-password, a utility that allows you to get a saved password for the wifi network you're presently connected to (to share with colleagues or creeper in the cafe you're in).  The idea of being able to get a password from command line is super useful, especially when it comes to retrieving a password for a website.

If I don't recall a password but know that Mac OS' keychain has it, I need to open my browser, go to the desired website, use the developer tools to change the input type from password to text, a process that takes far too long for my liking.  Shouldn't getting a password from keychain be faster?  It can be with security:

sudo security find-internet-password -gs www.facebook.com

The snippet above queries the keychain (sometimes triggering a system permission dialog or two along the way), returning the account (username or email) and password registered on my system for the given domain!

keychain: "/Users/myuser/Library/Keychains/login.keychain-db"
version: 512
class: "inet"
attributes:
   0x00000007 <blob>="www.facebook.com"
   0x00000008 <blob>=<NULL>
   "acct"<blob>="myemailaddress@gmail.com"
   "atyp"<blob>="form"
   "crtr"<uint32>="rimZ"
   "cusi"<sint32>=<NULL>
   "desc"<blob>=<NULL>
   "icmt"<blob>=<NULL>
   "invi"<sint32>=<NULL>
   "nega"<sint32>=<NULL>
   "path"<blob>="/"
   "port"<uint32>=0x00000000
   "prot"<blob>=<NULL>
   "ptcl"<uint32>="htps"
   "scrp"<sint32>=<NULL>
   "sdmn"<blob>=<NULL>
   "srvr"<blob>="www.facebook.com"
   "type"<uint32>=<NULL>
password: "wouldntyouliketoknow"

If you've not explored the security utility, I highly recommend it.  You can get an exported credential list, set passwords, create new dictionaries and more!

Request Metrics real user monitoring
Request Metrics real user monitoring
Request Metrics real user monitoring
Request Metrics real user monitoring

Recent Features

  • By
    Vibration API

    Many of the new APIs provided to us by browser vendors are more targeted toward the mobile user than the desktop user.  One of those simple APIs the Vibration API.  The Vibration API allows developers to direct the device, using JavaScript, to vibrate in...

  • By
    Chris Coyier&#8217;s Favorite CodePen Demos

    David asked me if I'd be up for a guest post picking out some of my favorite Pens from CodePen. A daunting task! There are so many! I managed to pick a few though that have blown me away over the past few months. If you...

Incredible Demos

  • By
    Basic AJAX Requests Using MooTools 1.2

    AJAX has become a huge part of the modern web and that wont change in the foreseeable future. MooTools has made AJAX so simple that a rookie developer can get their dynamic pages working in no time. Step 1: The XHTML Here we define two links...

  • By
    Smooth Scrolling with MooTools Fx.SmoothScroll

    I get quite a few support requests for my previous MooTools SmoothScroll article and the issue usually boils down to the fact that SmoothScroll has become Fx.SmoothScroll. Here's a simple usage of Fx.SmoothScroll. The HTML The only HTML requirement for Fx.SmoothScroll is that all named...

Discussion

  1. mmems

    To get a password from macOS’ keychain you can use “Keychain Access.app” https://support.apple.com/kb/PH20093

  2. Billy Matthews

    I can see the usefulness of accessing this via the command line. But instead of fiddling with the dev tools and input types, why wouldn’t you just use spotlight to open the keychain directly and search from the GUI there? That seems faster than any of these methods.

  3. iPoul

    Would be better if you could search for the password itself, to see where it’s used. Then you would know where to update in case of an adobe breach. xD

  4. Jean-Denis Muys

    In Catalina:

    jdmuys-mbp:~ jdmuys$ sudo security find-internet-password -gs www.facebook.com
Password:
security: SecKeychainSearchCopyNext: The specified item could not be found in the keychain.

    Even though there are 4 password entries for www.facebook.com

    Indeed I need to explore more.

    But accessing the KeyChain from the terminal is a great idea, because Apple’s Keychain Access application is rather limited (even though OK for the use case you outline)

    • Anthony

      The command also fails under Mojave, but still works under Sierra!

      security: SecKeychainSearchCopyNext: The specified item could not be found in the keychain.

Wrap your code in <pre class="{language}"></pre> tags, link to a GitHub gist, JSFiddle fiddle, or CodePen pen to embed!