Sometimes it is convenient to have a simple command that will print a few credentials to the shell (certificate passwords, ZIP archives, etc.). When I run the command below in the terminal, a small modal window pops up asking me to unlock my login keychain. The script then fetches the password and decrypts the contents of the file to stdout.
To transform a file conf.txt into this self-extracting file, first encrypt it with Blowfish (or use the more standard aes-256-cbc instead of bf):
openssl bf -e -salt -a -in conf.txt -out econf.txt
You will be asked for a password twice on the command line.
If you cat the contents of econf.txt it will be some random binary data that has been uuencoded.
Now you need to create the password entry in Keychain Access. Open it and with Cmd-N create a new password item. For Keychain Item Name enter a unique name that you will use to fetch the password. As an example assume you entered myOpen12198. The username can be left blank.
Then create a script selfConf and paste the contents of econf.txt into the here-document, before the EOI marker.
#!/bin/bash
#
# cat an encrypted file
#
KIN=myOpen12198
openssl bf -d -a -pass file:<(security find-generic-password -l "$KIN" -w) <<EOI
<paste the contents of econf.txt here>
EOI
To make the script executable use chmod
chmod 740 selfConf
so that you can run it, members of your group can read it, and others can't do a thing.
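The steps above can be scripted. The following is an added example, not part of the original post: make_selfconf is a hypothetical helper that assumes the keychain item already exists and OpenSSL 1.1.1 or later, and it uses aes-256-cbc with -pbkdf2 in place of bf. It encrypts with the password read from the keychain, so the passphrase used for encryption cannot differ from the one fetched at decrypt time.

```bash
#!/bin/bash
# Added example (not the original author's script). make_selfconf is a
# hypothetical helper. Assumes OpenSSL 1.1.1+ (for -pbkdf2) and that the
# keychain item named by <label> already exists.
# Usage: make_selfconf <plaintext-file> <keychain-label> <output-script>
make_selfconf() {
    local src=$1 kin=$2 out=$3 pw payload

    # The label is written into the generated script, so only accept
    # characters that the shell cannot interpret.
    case $kin in
        ''|*[!A-Za-z0-9_.-]*) echo "unsafe keychain label" >&2; return 1 ;;
    esac

    # Read the password from the login keychain, as the page's script does.
    pw=$(security find-generic-password -l "$kin" -w) || return 1
    [ -n "$pw" ] || return 1

    # Encrypt and Base64-encode. The password reaches openssl over stdin
    # (printf is a shell builtin), so it never appears in a process list.
    payload=$(printf '%s\n' "$pw" |
        openssl enc -aes-256-cbc -pbkdf2 -e -salt -a -pass stdin -in "$src") || return 1

    # Emit the self-extracting script. \$KIN stays literal; the quoted
    # 'EOI' delimiter stops the shell from expanding anything in the payload.
    cat > "$out" <<TEMPLATE || return 1
#!/bin/bash
#
# cat an encrypted file
#
KIN=$kin
openssl enc -aes-256-cbc -pbkdf2 -d -a -pass file:<(security find-generic-password -l "\$KIN" -w) <<'EOI'
$payload
EOI
TEMPLATE
    chmod 740 "$out"   # same mode as on the page
}

# Run as a script: ./make_selfconf.sh conf.txt myOpen12198 selfConf
if [ "$#" -eq 3 ]; then make_selfconf "$@"; fi
```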