Mac OSX keychain options when using commandline

Mac_OSX_keychain_options_commandline.md

Unlock Keychain

• Explanation: this can be used to remotely (or within a Terminal session) to unlock keychain
• Requirements/Restrictions:
  • You must know the keychain password
  • This is confirmed to work on Mac OSX High Sierra, but may have different usage on other Mac OSX versions (Sierra, Mojave, etc)
• Cautions/Warnings:

  • This will unlock your keychain, which is a potential security risk that you may not want to happen.

    # command to use in Bash, will prompt for the password
    # If no keychain is specified, then the default will be used
    security -i unlock-keychain
    

Stop 'Enter password to unlock keychain' from happening when you initiate an SSH session

• Explanation: This will either/both start the SSH keychain daemon, or add the SSH Key to be a stored passwrod within keychain
• Requirements/Restrictions:
  • You must know the SSH KEY password.
  • This is confirmed to work on Mac OSX Sierra and HighSierra, but may have different usage on other Mac OSX versions (Yosemite, Mojave, etc)
• Cautions/Warnings:

  • If you use the first method, then you will still have to enter the password for the next Terminal session and/or reboot.

  • If you use the second method, then you will not be prompted for your SSH Passcode again; this may not be what you want to happen.

    # command to use in Bash, method 1, you'll be prompted for your SSH Key passphrase
    ssh-add -K ~/.ssh/id_rsa
    # command to use in Bash, method 1, you'll be prompted for your SSH Key passphrase once and not after
    # modify or create the config file at ~/.ssh/config with these lines:
    Host *
        UseKeychain yes
    

Export the secure note contents from Keychain

• Explanation: This will output the contents of a secure note to STDOUT. There is not a simple one-step option to do this; see "Requirements/Restrictions", as well as "Cautions/Warnings"
• Requirements/Restrictions:
  • If you do not set security to an allowed application within the Keychain GUI, a popup window will appear in the current machine asking for permission. There is no way around this.
  • You must also set the -i option to allow for interactive input.
  • See this writeup and example
• Cautions/Warnings:

  • The contents may still be encrypted to STDOUT, this depends on your settings

    # command to use in Bash, NOTENAME == the actual string for the note name in Keychain
    security -i find-generic-password -C note -s "NOTENAME" -w
    

Export an internet password from Keychain

• Explanation: This will output the contents of a secure note to STDOUT.
• Requirements/Restrictions:
  • You must either set security to an allowed application within the Keychain GUI, a popup window will appear in the current machine asking for permission.
  • Or you can use the -i flag (see below)
• Cautions/Warnings:

  • None

    # command to use in Bash.  If you do not use the -i flag, a popup will appear on the computer asking for permission. This popup cannot be accessed from commandline
    security -i find-internet-password -l LABEL