OSX keychain utilities for secure environment vars
So you have some values you need in your shell, but you know you shouldn't keep them in plaintext on disk.
set-keychain-environment-variable MY_SECRET_ENV
You will be prompted for the value (and a confirmation)
password data for new item:
retype password for new item:
To just see the value
keychain-environment-variable MY_SECRET_ENV
The function prints the value to stdout
mysecret
To assign to a variable
MYVAR=$(keychain-environment-variable MY_SECRET_ENV)
You can do this as an export in your .zshrc, but it's not as recommended, since those stick around as plaintext in your env. It is better to create an alias or function wrapper for your use cases that need these secrets.
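One way to write such a function wrapper, as an added example that is not part of the plugin: the secret is read and exported inside a subshell, so only the one command it runs sees it and nothing stays in your interactive shell's env. The names with_keychain_secret and KEYCHAIN_LOOKUP are hypothetical, and it is an assumption that a missing item makes the lookup fail or print nothing.

```shell
# Added example: scope a keychain secret to one command instead of exporting it.
# with_keychain_secret and KEYCHAIN_LOOKUP are hypothetical names, not plugin API.
# Usage: with_keychain_secret NAME command [args...]
with_keychain_secret() {
  if [ "$#" -lt 2 ]; then
    echo "usage: with_keychain_secret NAME command [args...]" >&2
    return 64
  fi
  _wks_name=$1
  shift
  # Accept only a plain identifier, since it becomes a variable name below.
  case $_wks_name in
    '' | [0-9]* | *[!A-Za-z0-9_]*)
      echo "with_keychain_secret: invalid variable name" >&2
      return 64
      ;;
  esac
  # The value is fetched and exported inside a subshell, so the calling
  # shell never holds it; only the command run here inherits it.
  (
    # KEYCHAIN_LOOKUP lets you swap in another lookup command for testing.
    lookup=${KEYCHAIN_LOOKUP:-keychain-environment-variable}
    # Fail closed: do not run the command with an empty or missing secret.
    value=$("$lookup" "$_wks_name") && [ -n "$value" ] || {
      echo "with_keychain_secret: no value for $_wks_name" >&2
      exit 1
    }
    export "$_wks_name=$value"
    unset value
    "$@"
  )
}
```

The command's exit status is passed through, so the wrapper can sit behind an alias without changing how scripts react to failures.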
delete-keychain-environment-variable MY_SECRET_ENV
- cd ~/.oh-my-zsh/custom/plugins (you may have to create the folder)
- git clone https://github.com/onyxraven/zsh-osx-keychain.git
- In your .zshrc, add zsh-osx-keychain to your oh-my-zsh plugins:
plugins=(
# [...snip...]
zsh-osx-keychain
)
- restart your shell
- add zgen load onyxraven/zsh-osx-keychain to your '!saved/save' block
- zgen update
- restart your shell
Use it like other oh-my-zsh plugins.
zinit snippet https://github.com/onyxraven/zsh-osx-keychain/blob/main/zsh-osx-keychain.plugin.zsh
OSX is able to programmatically access keychain values using the security command. You can also see these keychain items (on your default keychain) via Keychain Access.app.
The commands here were copied pretty closely from this gist, with some explanation in this blog post