MacOS stores credentials and SSL/TLS certificates in the login
keychain which you can manage via Keychain Access
. You can access the keychain data programatically with the builtin cli security
command, and also with a pip instalable python module named keyring
that also provides a cli command.
When retrieving a password with any of these tools, you will be prompted to allow access to the secret and prompted your login password. There's an option Allow
and Always allow
. Use the one with which you're comfortable. The default is Allow
, if you hit enter, you will be prompted to enter your password every time you need it.
MacOS already stores most of your passwords in the Keychain. You can see and store passwords in Keychain Access gui, but the cli let's you leverage the Keychain to store and retrieve existing passwords. Wgen using the cli, you may need to unlock your keychain, so run:
security unlock-keychain ${HOME}/Library/Keychains/login.keychain-db