Apple - How can I access the keychain remotely from the command line?
In reproducing this to investigate, I notice that I have my keychain configured to “Confirm before allowing access.” So when I perform the find-internet-password locally with the -g flag, I get a dialog box stating security wants to use your confidential information stored in “smtp.gmail.com” in your keychain. If I click “Allow” then it works; if I click “Deny” it fails similarly to the ssh case, with a return code of 51.
When I try the command remotely via ssh, the -g immediately results in failure, with the status of 36 that you are reporting.
I suspect that this is because, when you ssh in, there is no way for the system to pop up a dialog box allowing you to confirm that you want to allow the security command to access this information.
I was able to get the command to work while connected by ssh by first clicking the “Always Allow” option when running the command locally. This updates the permissions in Keychain so that I no longer need to respond to the dialog (even locally), which allows it to work remotely too.
I don’t know if this will be entirely helpful to you, however, as I think it means you will need to preemptively grant the security program access to any keychain items you may want to access remotely. It may be possible to write a script to do this?
If you are experimenting with this manually and later want to revoke this access, you can go to the affected item in Keychain Access, choose Get Info and look at the Access Control tab. You will see an entry for security there, which you can delete.
security -i unlock-keychain works for me in macOS 10.13.4 High Sierra.
After investigating karthick's solution, I found this. The -i makes the command interactive and prompts you in the terminal for your password.
As long as the security keychain is in the default location you can run the below command to unlock it. It does not prompt for a password. It worked remotely.
security unlock-keychain -p "enter password"
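A wrapper around the commands from the answers above, as an added example that is not part of any answer: it unlocks the default keychain with a terminal prompt instead of -p (so the password stays out of the process list and shell history), reads one item, relocks, and reports the exit statuses 36 and 51 mentioned above. The function names are hypothetical, and it assumes the session has a terminal (ssh -t).

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the answers.
# Usage on the Mac, reached with `ssh -t` so a terminal exists for the prompt:
#   fetch_internet_password smtp.gmail.com

# Translate the exit statuses reported in the answers above into a hint.
explain_status() {
    case "$1" in
        0)  echo "ok" ;;
        36) echo "status 36: the failure seen over ssh (no dialog can be shown)" ;;
        51) echo "status 51: access was denied at the confirmation dialog" ;;
        *)  echo "status $1: unexpected failure from security" ;;
    esac
}

# Unlock, read one internet password, and always relock.
fetch_internet_password() {
    server=$1
    rc=0
    # No -p here: security asks for the password on the terminal, so it
    # never lands in the process list or in shell history.
    security unlock-keychain || rc=$?
    if [ "$rc" -ne 0 ]; then
        explain_status "$rc" >&2
        return "$rc"
    fi
    # -w prints only the password, on stdout.
    security find-internet-password -s "$server" -w || rc=$?
    # Relock the default keychain whether or not the lookup succeeded.
    security lock-keychain || echo "warning: could not relock keychain" >&2
    [ "$rc" -eq 0 ] || explain_status "$rc" >&2
    return "$rc"
}
```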