Posts

Showing posts from August, 2013

Store Script Passwords Securely in Mac OS X

I frequently use scripts that contain passwords. Since storing these pose somewhat of a security risk, I started researching ways to not store any passwords in my scripts, but rather in my Mac OS X keychain or some other keychain such as Ubuntu's keychain. Since most of my scripts are python based these days, the following two lines of Python code rely on Mac OS X's 'security' command to read and print a password from your keychain:

1: import subprocess as sub 2: password_cmd= ['security','find-generic-password','-s','booger','-g'] 3: password_dcrypt = sub.Popen(password_cmd,stdout=sub.PIPE,stderr=sub.PIPE).communicate()[1].rstrip().split(':')[1].lstrip().lstrip('"').rstrip('"')
This can of course be done in shell scripts just as easily:

1: password_dcrypt=$(security find-generic-password -s booger -g 2>&1|perl -lne 'print $1 if m/password: \"(.+?)\"/g')
Of course, …