Store Script Passwords Securely in Mac OS X

I frequently use scripts that contain passwords. Since storing these poses something of a security risk, I started researching ways to keep passwords out of my scripts and store them instead in my Mac OS X keychain or some other keychain such as Ubuntu's keychain. Since most of my scripts are Python-based these days, the following two lines of Python code rely on Mac OS X's 'security' command to read and print a password from your keychain:

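import subprocess as sub
# -g makes 'security' write the line  password: "..."  to stderr
password_cmd = ['security', 'find-generic-password', '-s', 'booger', '-g']
# universal_newlines=True yields text instead of bytes; split(':', 1) keeps any ':' inside the password
password_dcrypt = sub.Popen(password_cmd, stdout=sub.PIPE, stderr=sub.PIPE, universal_newlines=True).communicate()[1].rstrip().split(':', 1)[1].lstrip().lstrip('"').rstrip('"')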

This can of course be done in shell scripts just as easily:

password_dcrypt=$(security find-generic-password -s booger -g 2>&1 | perl -lne 'print $1 if m/^password: "(.*)"$/')
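
A more defensive version of the Python lookup above, as an added example (not code from the original post): it parses the `password:` line that `security -g` writes to stderr, including the hex form the tool prints for non-ASCII passwords, and raises an error when the item is missing rather than failing on an index lookup. The names `parse_password`, `keychain_password` and `KeychainError` are illustrative, and the hex digits are assumed to be the UTF-8 bytes of the password.

```python
import re
import subprocess

# Line that `security find-generic-password -g` writes to stderr, e.g.
#   password: "secret"
#   password: 0x70C3A4  "p\303\244"   (hex form, used for non-ASCII bytes)
_PASSWORD_LINE = re.compile(r'^password: (?:0x([0-9A-Fa-f]+)\s+)?"(.*)"\s*$', re.M)


class KeychainError(Exception):
    """Raised when the item is missing or the output cannot be parsed."""


def parse_password(stderr_text):
    """Extract the password from the stderr text of `security ... -g`."""
    match = _PASSWORD_LINE.search(stderr_text)
    if match is None:
        raise KeychainError("no password line in security output")
    hex_form, quoted = match.groups()
    if hex_form is not None:
        # Assumption: the hex digits are the raw UTF-8 bytes of the password.
        return bytes.fromhex(hex_form).decode("utf-8")
    return quoted


def keychain_password(service):
    """Look up a generic password by service name via the `security` CLI."""
    proc = subprocess.run(
        ["security", "find-generic-password", "-s", service, "-g"],
        stdout=subprocess.PIPE, stderr=subprocess.PIPE,
        universal_newlines=True,
    )
    if proc.returncode != 0:
        # Never echo stderr here: on success it would contain the secret.
        raise KeychainError("keychain lookup failed for %r (exit %d)"
                            % (service, proc.returncode))
    return parse_password(proc.stderr)
```

Call `keychain_password('booger')` where the script needs the secret, and keep the returned value out of logs and exception messages.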

Of course, if you haven't already added a password item to your keychain, you can easily do so with the security command. Note, however, that whatever password you set this way will end up in your command history, so use it with caution. The better way is to open up the Keychain utility and add or change your password manually.

security add-generic-password -a 'My Booger Account' -s 'booger' -p 'Priceless12345%$#!'


  1. I came here expecting quantum encryption.

    (Just kidding nice work)

