Apple Keychain Access via 1Password CLI?

marceldarvas
Community Member

Between Secrets Automation and CLI, I've been tempted to find a solution to smoothen my workflows. I switched to 1P 4 years ago and it has been amazing; however, I still find myself in between Keychain Access and 1P for App-specific passwords.
Which also can result in API keys being copied to Clipboard (assuming it was created via a web UI) and then pasted somewhere, copied again, not great if you use a clipboard manager, as if we copy from 1Password every time, it gets removed from Clipboard after X seconds or certain Applications can be set up for Clipboard manager.

Adding new item categories like "API Credentials" has been great, but many Mac apps default to Keychain when using Internet or Application Passwords.

It would be real nice if we could somehow bring 1Password together with Keychain, either via CLI or even Secrets Automation.

I was just using Paw for Mac where I spotted Keychain as an option for dynamic variables, sure I could just throw my simple Token into Keychain, but once again, this makes me evaluate how much I benefit from paying the additional costs that come with 1P.
I was thinking about using Mac OS Automator to regularly run CLI and Keychain Importer (I don't need to sync all items), but then I was also thinking if it could be a better approach from an encryption standpoint to connect 1P with HashiCorp Vault and then HashiCorp Vault with Keychain via this https://github.com/sethvargo/vault-token-helper-osx-keychain

Thanks for any inputs!


1Password Version: 7.8.6
Extension Version: 2.0.4
OS Version: OSX 11.2.1
Sync Type: 1Password (this is confusing)

Comments

  • Hi Marcel, thanks for bringing this up! I'd love to hear more about those workflows that benefit from Keychain access. You mentioned loading API keys into Paw as one of them. Can you come up with more examples?

  • marceldarvas
    Community Member

    Hi Floris, thanks for your reply, I may have brainstormed about a couple different ways of solving this up there, which may have been overcomplicated...

    Here are some other examples (probably several alternatives use the same methods):
    1. HTTP Authentication (like Router logins)
    2. WIFI Passwords
    3. Terminal: SSH/SFTP connections (if no SSH keys are used), this is also accessed via VS Code
    4. Even the Slack App uses keychain
    5. Cyberduck (SFTP Client)
    6. TablePlus (SQL Client)
    7. Automator/Shortcuts
    8. Website in an App Tools (mostly chromium based, but no 1Password Extension Integration)

    I'm not sure how others have their Master Passwords login/logout set, but when working across multiple browsers with this new 1Password X Extension, I need to authenticate each time, even though I already opened my standalone app to do so...

  • Thanks a lot for listing all those cases! Covering more developer workflows outside of the browser boundary is something we're looking into at the moment. I can't make any specific promises at this time, but if you'd like, I could add you to the early access list.

  • marceldarvas
    Community Member

    Thanks! That sounds good, count me in!

    I’ve recently set up the Keybase SSH client, which is a neat concept
    https://keybase.io/blog/keybase-ssh-ca

  • ag_ana
    1Password Alumni

    :+1: :)

This discussion has been closed.