You don’t need to type passwords directly in your terminal.
Whether you’re at home, in your office, in a coffee shop, or sharing your screen in some way, avoid making any secrets easily visible. The majority of people won’t memorise it, especially if it’s a strong secret; however, it can be easily retrieved from a screenshot or picture.
macOS: Keychain (out-of-box) Link to heading
The steps:
- Add the password to the Keychain
- Retrive and use the password when needed
- Minimise how much typing is necessary
1 Add Password to Keychain Link to heading
Type the command below and follow the instructions.
$ security add-generic-password -a ${USER} -s <service-name> -w
The <service-name> could be Company-GitHub. It represents which service
that password belongs.
2 Retrieve Password From Keychain Link to heading
The command below prints the password in the terminal.
$ security find-generic-password -a ${USER} -s <service-name> -w
That means it can be used anywhere in the shell!
$ curl \
--user "username:$(security find-generic-password -a ${USER} -s <service-name> -w)" \
http://protected.site
3 Minimise Typing Link to heading
The command security find-generic-password -a ${USER} -s <service-name> -w
might be a tad long to be typed everytime the password is needed.
Create a function and source them in .zshrc (or equivalent) to solve that,
here is an example:
gh_pass() {
security find-generic-password -a ${USER} -s personal-gh -w
}
And then just use the function when needed, for example:
$ curl --user "username:$(gh_pass)" http://protected.site
Cross-platform: pass (open source)
Link to heading
This is a common password management tool and an open-source alternative that can be used across multiple platforms.
Check how to set up and use on their website.
Cross-platfrom: 1Password (paid) Link to heading
1Password continuously expands their command-line tooling support. It’s worth checking the possibilities here.