Popular:
 Building Resilient Systems on AWS: Learn how to design and implement a resilient, highly available, fault-tolerant infrastructure on AWS.

Get Keychain Passwords from Command Line

By  on  

One of my favorite command line utilities is Guillermo Rauch's wifi-password, a utility that allows you to get a saved password for the wifi network you're presently connected to (to share with colleagues or creeper in the cafe you're in).  The idea of being able to get a password from command line is super useful, especially when it comes to retrieving a password for a website.

If I don't recall a password but know that Mac OS' keychain has it, I need to open my browser, go to the desired website, use the developer tools to change the input type from password to text, a process that takes far too long for my liking.  Shouldn't getting a password from keychain be faster?  It can be with security:

sudo security find-internet-password -gs www.facebook.com

The snippet above queries the keychain (sometimes triggering a system permission dialog or two along the way), returning the account (username or email) and password registered on my system for the given domain!

keychain: "/Users/myuser/Library/Keychains/login.keychain-db"
version: 512
class: "inet"
attributes:
   0x00000007 <blob>="www.facebook.com"
   0x00000008 <blob>=<NULL>
   "acct"<blob>="myemailaddress@gmail.com"
   "atyp"<blob>="form"
   "crtr"<uint32>="rimZ"
   "cusi"<sint32>=<NULL>
   "desc"<blob>=<NULL>
   "icmt"<blob>=<NULL>
   "invi"<sint32>=<NULL>
   "nega"<sint32>=<NULL>
   "path"<blob>="/"
   "port"<uint32>=0x00000000
   "prot"<blob>=<NULL>
   "ptcl"<uint32>="htps"
   "scrp"<sint32>=<NULL>
   "sdmn"<blob>=<NULL>
   "srvr"<blob>="www.facebook.com"
   "type"<uint32>=<NULL>
password: "wouldntyouliketoknow"

If you've not explored the security utility, I highly recommend it.  You can get an exported credential list, set passwords, create new dictionaries and more!

Request Metrics real user monitoring
Request Metrics real user monitoring
Request Metrics real user monitoring
Request Metrics real user monitoring

Recent Features

  • By
    6 Things You Didn&#8217;t Know About Firefox OS

    Firefox OS is all over the tech news and for good reason:  Mozilla's finally given web developers the platform that they need to create apps the way they've been creating them for years -- with CSS, HTML, and JavaScript.  Firefox OS has been rapidly improving...

  • By
    9 Mind-Blowing WebGL Demos

    As much as developers now loathe Flash, we're still playing a bit of catch up to natively duplicate the animation capabilities that Adobe's old technology provided us.  Of course we have canvas, an awesome technology, one which I highlighted 9 mind-blowing demos.  Another technology available...

Incredible Demos

  • By
    Create Digg URLs Using PHP

    Digg recently came out with a sweet new feature that allows users to create Tiny Digg URLs which show a Digg banner at the top allowing easy access to vote for the article from the page. While I love visiting Digg every once in a...

  • By
    Hot Effect: MooTools Drag Opacity

    As you should already know, the best visual features of a website are usually held within the most subtle of details. One simple trick that usually makes a big different is the use of opacity and fading. Another awesome MooTools functionality is...

Discussion

  1. mmems

    To get a password from macOS’ keychain you can use “Keychain Access.app” https://support.apple.com/kb/PH20093

  2. Billy Matthews

    I can see the usefulness of accessing this via the command line. But instead of fiddling with the dev tools and input types, why wouldn’t you just use spotlight to open the keychain directly and search from the GUI there? That seems faster than any of these methods.

  3. iPoul

    Would be better if you could search for the password itself, to see where it’s used. Then you would know where to update in case of an adobe breach. xD

  4. Jean-Denis Muys

    In Catalina:

    jdmuys-mbp:~ jdmuys$ sudo security find-internet-password -gs www.facebook.com
Password:
security: SecKeychainSearchCopyNext: The specified item could not be found in the keychain.

    Even though there are 4 password entries for www.facebook.com

    Indeed I need to explore more.

    But accessing the KeyChain from the terminal is a great idea, because Apple’s Keychain Access application is rather limited (even though OK for the use case you outline)

    • Anthony

      The command also fails under Mojave, but still works under Sierra!

      security: SecKeychainSearchCopyNext: The specified item could not be found in the keychain.

Wrap your code in <pre class="{language}"></pre> tags, link to a GitHub gist, JSFiddle fiddle, or CodePen pen to embed!