Get Keychain Passwords from Command Line
One of my favorite command line utilities is Guillermo Rauch's wifi-password, a utility that allows you to get a saved password for the wifi network you're presently connected to (to share with colleagues or creeper in the cafe you're in). The idea of being able to get a password from command line is super useful, especially when it comes to retrieving a password for a website.
If I don't recall a password but know that Mac OS' keychain has it, I need to open my browser, go to the desired website, use the developer tools to change the input type from password to text, a process that takes far too long for my liking. Shouldn't getting a password from keychain be faster? It can be with security:
sudo security find-internet-password -gs www.facebook.com
The snippet above queries the keychain (sometimes triggering a system permission dialog or two along the way), returning the account (username or email) and password registered on my system for the given domain!
keychain: "/Users/myuser/Library/Keychains/login.keychain-db" version: 512 class: "inet" attributes: 0x00000007 <blob>="www.facebook.com" 0x00000008 <blob>=<NULL> "acct"<blob>="myemailaddress@gmail.com" "atyp"<blob>="form" "crtr"<uint32>="rimZ" "cusi"<sint32>=<NULL> "desc"<blob>=<NULL> "icmt"<blob>=<NULL> "invi"<sint32>=<NULL> "nega"<sint32>=<NULL> "path"<blob>="/" "port"<uint32>=0x00000000 "prot"<blob>=<NULL> "ptcl"<uint32>="htps" "scrp"<sint32>=<NULL> "sdmn"<blob>=<NULL> "srvr"<blob>="www.facebook.com" "type"<uint32>=<NULL> password: "wouldntyouliketoknow"
If you've not explored the security utility, I highly recommend it. You can get an exported credential list, set passwords, create new dictionaries and more!
To get a password from macOS’ keychain you can use “Keychain Access.app” https://support.apple.com/kb/PH20093
I can see the usefulness of accessing this via the command line. But instead of fiddling with the dev tools and input types, why wouldn’t you just use spotlight to open the keychain directly and search from the GUI there? That seems faster than any of these methods.
Would be better if you could search for the password itself, to see where it’s used. Then you would know where to update in case of an adobe breach. xD
In Catalina:
Even though there are 4 password entries for
www.facebook.comIndeed I need to explore more.
But accessing the KeyChain from the terminal is a great idea, because Apple’s Keychain Access application is rather limited (even though OK for the use case you outline)
The command also fails under Mojave, but still works under Sierra!
security: SecKeychainSearchCopyNext: The specified item could not be found in the keychain.