Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Python methods to interact with Mac OS X Keychain
import re
import os
def getpassword(service, account):
def decode_hex(s):
s = eval('"' + re.sub(r"(..)", r"\x\1", s) + '"')
if "" in s: s = s[:s.index("")]
return s
cmd = ' '.join([
"/usr/bin/security",
" find-generic-password",
"-g -s '%s' -a '%s'" % (service, account),
"2>&1 >/dev/null"
])
p = os.popen(cmd)
s = p.read()
p.close()
m = re.match(r"password: (?:0x([0-9A-F]+)\s*)?\"(.*)\"$", s)
if m:
hexform, stringform = m.groups()
if hexform:
return decode_hex(hexform)
else:
return stringform
def setpassword(service, account, password):
cmd = 'security add-generic-password -U -a %s -s %s -p %s' % (account, service, password)
p = os.popen(cmd)
s = p.read()
p.close()
@adibendahan

This comment has been minimized.

Copy link

@adibendahan adibendahan commented Mar 2, 2017

Thanks!

@scconroy

This comment has been minimized.

Copy link

@scconroy scconroy commented Jan 16, 2018

Not sure if its an addition since this was written, but I've got an option on the "security find-generic-password" command that will display only the password in the output( '-w'), relieving the need for the regex matching on the output from '-g'.

As far as I can see, you can just replace -g with -w and delete the regex operations. Let me know if I'm wrong, though.

Running Sierra 10.12.6

@mrmurphy

This comment has been minimized.

Copy link

@mrmurphy mrmurphy commented Jan 28, 2020

Fantastic, thanks to all of you

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment