NOTE: Under Construction - I'm in the middle of upgrading my site and lots of stuff is kinda broken. Please forgive the mess.

Get Passwords From Mac's Keychain Access App In Rust

July 2023

I don't like using plain-text config or .env files for storing passwords. Beyond the possibility of accidentally sending them to github I also stream which opens up an entirely new way to dox credentials.

Instead, I store credentails inside my system's password mananger and use them from there. Here's Rust the code I use to get a credentail from my mac's Keychain Access app.

security-framework = "2.10"

use security_framework::passwords::get_generic_password;

fn main() {
    let key = "example-password-name";
    let account = "alan";
    match get_generic_password(key, account) {
        Ok(response) => println!("{}", String::from_utf8(response).unwrap()),
        Err(e) => println!("{}", e)

When I run that code I get a system pop-up asking me for my user password.

  A Mac system pop-up for the Keychain Access app that's asking for a password in order to continue

When I enter it correctly the code can grab the password and use it from there. The chances of doxing myself aren't eliminated, but they go way down.

═══ § ═══


  • This example is Rust. There are similar features available in other langauges and frameworks. And, worst case, Keychain Access has a command line interface so you could use it as an API if necessary.

  • Keychain Access is the macOS password mananger. Similar ones exist on Windows and Linux distributions.

Footnotes And References