Securely provide environment credential passwords in the terminal

Veröffentlicht von

If you use npm, docker, aws or other CLIs that require authentication or require environment variables, you want to have them available without copy/pasting it from some password manager and you don’t want to store it as plain text in .bash_profile or .bashrc.

How about using the Mac OS integrated keychain password manager? It provides a command line interface for storing and retrieving sensitive information.

To store a username password combination, or also just a password, you may use the add-generic-password feature of OSX keychain:

security add-generic-password -s name_of_credential -a username@something -w "PASSWORD"

You may leave -a switch with the same name as -s if you only need a password credential.

To retrieve a username or password from keychain and provide it as an environmental variable, add it to your terminal file as following:

export MY_USER=`keychain -u -s name_of_credential`
export MY_PASS=`keychain -p -s name_of_credential`

Read also my post about structuring your terminal files.