Getting master password from OSX keychain
I'm not too sure about the security implications, but this is how I store my master password in OSX keychain, and use it for op signin
so that I don't have to type my password ever.
First, I create a new login using Keychain Access. I named it op-master-password
, and entered my master password. Then, when I want to signin on the cli, I use this command:
op signin [my-account-name] "`security find-generic-password -gs op-master-password -w`"
I would love to know if this is a smart or a dumb thing to do ;-)
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Well the macOS keychain in general is secure (we use it with our Mac app for several purposes), just be wary of a few things:
Including the master password as a parameter rather than using secure input will "leak" the password into the process list (for a fraction of a second)
Creating an alias of some sort to trigger this command makes it easy for a potential attacker with shell or physical access to your machine to sign in without needing to know your Master Password.
If you're willing to make the convenience/security tradeoff, then this is a great solution :) Thank you for sharing!
0