Store Script Passwords Securely in Mac OS X

I frequently use scripts that contain passwords. Since storing these pose somewhat of a security risk, I started researching ways to not store any passwords in my scripts, but rather in my Mac OS X keychain or some other keychain such as Ubuntu's keychain. Since most of my scripts are python based these days, the following two lines of Python code rely on Mac OS X's 'security' command to read and print a password from your keychain:

1:  import subprocess as sub
2:  password_cmd= ['security','find-generic-password','-s','booger','-g']  
3:  password_dcrypt = sub.Popen(password_cmd,stdout=sub.PIPE,stderr=sub.PIPE).communicate()[1].rstrip().split(':')[1].lstrip().lstrip('"').rstrip('"')  

This can of course be done in shell scripts just as easily:

1: password_dcrypt=$(security find-generic-password -s booger -g 2>&1|perl -lne 'print $1 if m/password: \"(.+?)\"/g')

Of course, if you haven't already added a password item to your keychain, you can easily do so with the security command. However, note that whichever password you set, will be in your command history so use with caution. The better way would be open up the Keychain utility and manually add or change your password.

1: security add-generic-password -a 'My Booger Account' -s 'booger' -p 'Priceless12345%$#!'


Post a Comment

Popular posts from this blog

Using Audacity as an Oscilloscope

Using Google Command Line Tools to post my Computer Systems Notes

Tracking an LED with OpenCV