Get Keychain Passwords from Command Line

By  on  

One of my favorite command line utilities is Guillermo Rauch's wifi-password, a utility that allows you to get a saved password for the wifi network you're presently connected to (to share with colleagues or creeper in the cafe you're in).  The idea of being able to get a password from command line is super useful, especially when it comes to retrieving a password for a website.

If I don't recall a password but know that Mac OS' keychain has it, I need to open my browser, go to the desired website, use the developer tools to change the input type from password to text, a process that takes far too long for my liking.  Shouldn't getting a password from keychain be faster?  It can be with security:

sudo security find-internet-password -gs www.facebook.com

The snippet above queries the keychain (sometimes triggering a system permission dialog or two along the way), returning the account (username or email) and password registered on my system for the given domain!

keychain: "/Users/myuser/Library/Keychains/login.keychain-db"
version: 512
class: "inet"
attributes:
   0x00000007 <blob>="www.facebook.com"
   0x00000008 <blob>=<NULL>
   "acct"<blob>="myemailaddress@gmail.com"
   "atyp"<blob>="form"
   "crtr"<uint32>="rimZ"
   "cusi"<sint32>=<NULL>
   "desc"<blob>=<NULL>
   "icmt"<blob>=<NULL>
   "invi"<sint32>=<NULL>
   "nega"<sint32>=<NULL>
   "path"<blob>="/"
   "port"<uint32>=0x00000000
   "prot"<blob>=<NULL>
   "ptcl"<uint32>="htps"
   "scrp"<sint32>=<NULL>
   "sdmn"<blob>=<NULL>
   "srvr"<blob>="www.facebook.com"
   "type"<uint32>=<NULL>
password: "wouldntyouliketoknow"

If you've not explored the security utility, I highly recommend it.  You can get an exported credential list, set passwords, create new dictionaries and more!

Recent Features

  • By
    Create Namespaced Classes with MooTools

    MooTools has always gotten a bit of grief for not inherently using and standardizing namespaced-based JavaScript classes like the Dojo Toolkit does.  Many developers create their classes as globals which is generally frowned up.  I mostly disagree with that stance, but each to their own.  In any event...

  • By
    CSS vs. JS Animation: Which is Faster?

    How is it possible that JavaScript-based animation has secretly always been as fast — or faster — than CSS transitions? And, how is it possible that Adobe and Google consistently release media-rich mobile sites that rival the performance of native apps? This article serves as a point-by-point...

Incredible Demos

  • By
    MooTools Link Fading

    We all know that we can set a different link color (among other properties) on the hover event, but why not show a little bit more dynamism by making the original color fade to the next? Using MooTools 1.2, you can achieve that effect. The MooTools...

  • By
    Dijit&#8217;s TabContainer Layout:  Easy Tabbed Content

    One of Dojo's major advantages over other JavaScript toolkits is its Dijit library.  Dijit is a UI framework comprised of JavaScript widget classes, CSS files, and HTML templates.  One very useful layout class is the TabContainer.  TabContainer allows you to quickly create a tabbed content...

Discussion

  1. To get a password from macOS’ keychain you can use “Keychain Access.app” https://support.apple.com/kb/PH20093

  2. Billy Matthews

    I can see the usefulness of accessing this via the command line. But instead of fiddling with the dev tools and input types, why wouldn’t you just use spotlight to open the keychain directly and search from the GUI there? That seems faster than any of these methods.

  3. iPoul

    Would be better if you could search for the password itself, to see where it’s used. Then you would know where to update in case of an adobe breach. xD

  4. Jean-Denis Muys

    In Catalina:

    jdmuys-mbp:~ jdmuys$ sudo security find-internet-password -gs www.facebook.com
    Password:
    security: SecKeychainSearchCopyNext: The specified item could not be found in the keychain.
    

    Even though there are 4 password entries for www.facebook.com

    Indeed I need to explore more.

    But accessing the KeyChain from the terminal is a great idea, because Apple’s Keychain Access application is rather limited (even though OK for the use case you outline)

    • Anthony

      The command also fails under Mojave, but still works under Sierra!

      security: SecKeychainSearchCopyNext: The specified item could not be found in the keychain.

Wrap your code in <pre class="{language}"></pre> tags, link to a GitHub gist, JSFiddle fiddle, or CodePen pen to embed!