Programmatically store and retrieve secrets/passwords in MacOS

MacOS stores credentials and SSL/TLS certificates in the login keychain, which you can manage via Keychain Access. You can access the keychain data programmatically with the built-in security CLI command, and also with a pip-installable Python module named keyring that also provides a CLI command.

When retrieving a password with any of these tools, you will be prompted to allow access to the secret and asked for your login password. The dialog offers two options, Allow and Always Allow; use the one with which you're comfortable. The default is Allow: if you hit Enter, you will be prompted to enter your password every time you need it.

MacOS security (Keychain Access cli)

MacOS already stores most of your passwords in the Keychain. You can see and store passwords in the Keychain Access GUI, but the CLI lets you leverage the Keychain to store and retrieve existing passwords. When using the CLI, you may need to unlock your keychain, so run:

security unlock-keychain ${HOME}/Library/Keychains/login.keychain-db

  1. security find-generic-password -ws name_of_secret

name_of_secret: in Keychain Access, this is the string in the Name column and in the Name field when you open (double-click) the item.
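The same lookup wrapped for use from a script, plus the store side via security add-generic-password, as an added example that is not part of the original gist. The run parameter and fake_runner are hypothetical helpers introduced here so the code can be exercised without a keychain; on a Mac, leave run at its default.

```python
import subprocess

SECURITY = "/usr/bin/security"  # absolute path, so a shadowed PATH entry is never run


class KeychainError(RuntimeError):
    """The security CLI exited non-zero (item missing, access denied, keychain locked)."""


def _security(args, run):
    # Argument list and no shell, so names with spaces or quotes pass through verbatim.
    proc = run([SECURITY, *args], capture_output=True, text=True)
    if proc.returncode != 0:
        # Report the subcommand and stderr only; args may contain the secret itself.
        raise KeychainError(f"{args[0]} exited {proc.returncode}: {proc.stderr.strip()}")
    return proc.stdout


def get_secret(name, account=None, run=subprocess.run):
    """Return the password of the generic item whose Name is `name`."""
    args = ["find-generic-password", "-w", "-s", name]
    if account is not None:
        args += ["-a", account]  # disambiguates items that share a Name
    out = _security(args, run)
    # Drop only the newline the CLI appends; other whitespace may belong to the secret.
    return out[:-1] if out.endswith("\n") else out


def set_secret(name, account, secret, run=subprocess.run):
    """Create or update (-U) the item. Caveat: the secret is in argv while this runs."""
    _security(["add-generic-password", "-U", "-s", name, "-a", account, "-w", secret], run)


def fake_runner(store):
    """Constructed stand-in for subprocess.run (dict-backed) so this runs off a Mac."""
    def run(argv, **_kwargs):
        name = argv[argv.index("-s") + 1]
        if argv[1] == "add-generic-password":
            store[name] = argv[argv.index("-w") + 1]
            return subprocess.CompletedProcess(argv, 0, "", "")
        if name in store:
            return subprocess.CompletedProcess(argv, 0, store[name] + "\n", "")
        return subprocess.CompletedProcess(argv, 44, "", "constructed: item not found")
    return run


if __name__ == "__main__":
    run = fake_runner({})  # constructed sample store; omit run= on a real Mac
    set_secret("name_of_secret", "account", "s3cr3t with trailing space ", run=run)
    print(repr(get_secret("name_of_secret", "account", run=run)))
```

Because the error path reports only the subcommand and stderr, a failed set_secret does not write the secret into logs or tracebacks.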

MacOS

  1. pip install keyring
  2. keyring get name_of_secret *account

Python

import keyring
passwd = keyring.get_password("name_of_secret", "*account")

* In Keychain Access, your Account can be retrieved by opening the secret you want to use.

Lastpass

You can also retrieve secrets from Lastpass via the CLI:

  1. brew install lastpass-cli
  2. log in to Lastpass: lpass login user@name.com
  3. retrieve an existing password: lpass show --password name_of_secret
  4. more can be done; please look at the man page or docs