Getting master password from OSX keychain

I'm not too sure about the security implications, but this is how I store my master password in OSX keychain, and use it for op signin so that I don't have to type my password ever.

First, I create a new login using Keychain Access. I named it op-master-password, and entered my master password. Then, when I want to signin on the cli, I use this command:

op signin [my-account-name] "`security find-generic-password -gs op-master-password -w`"

I would love to know if this is a smart or a dumb thing to do ;-)


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • cohixcohix

    AgileBits Team Member

    Well the macOS keychain in general is secure (we use it with our Mac app for several purposes), just be wary of a few things:

    • Including the master password as a parameter rather than using secure input will "leak" the password into the process list (for a fraction of a second)

    • Creating an alias of some sort to trigger this command makes it easy for a potential attacker with shell or physical access to your machine to sign in without needing to know your Master Password.

    If you're willing to make the convenience/security tradeoff, then this is a great solution :) Thank you for sharing!

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file