Summon Provider for the OSX Keychain Service
OSX provides a keychain service to store secrets locally. It can be accessed with the
security command line program.
This script provides a summon provider that fetches secrets from the OSX keychain. You can add secrets to the keychain like this:
security add-generic-password -s "summon" -a "the/secret/path" -w "the secret value"
You can also do this through the Keychain Access utility. The "Keychain Item Name" field should be "summon", the "Account Name" should be the secret path, and the "Password" field should contain the secret value.
Notice that we are storing the secrets under the service "summon". You can fetch secrets from other services by setting the environment variable to the name of the service you want to use.
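The lookup that corresponds to the storage layout above (service as "Keychain Item Name", secret path as "Account Name") can be sketched as follows. This is an added example, not the project's keychain.sh; the function name keychain_fetch is hypothetical. It assumes the security find-generic-password subcommand with -s, -a and -w, and summon's convention of passing the secret path as the provider's first argument.

```shell
#!/bin/sh
# Added example: a sketch of a keychain lookup, not the project's keychain.sh.

# keychain_fetch SERVICE PATH
# Prints the password of the generic keychain item whose service is SERVICE
# and whose account is PATH. Returns 2 on bad usage and 1 if the item is
# missing or the keychain could not be read; errors go to stderr only, so
# stdout never carries anything but the secret.
keychain_fetch() {
    service=$1
    secret_path=$2

    if [ -z "$service" ] || [ -z "$secret_path" ]; then
        echo "usage: keychain_fetch SERVICE PATH" >&2
        return 2
    fi

    # -w makes security print only the password. Its own stderr is dropped
    # so the caller sees a single predictable error line.
    if ! value=$(security find-generic-password \
            -s "$service" -a "$secret_path" -w 2>/dev/null); then
        echo "no keychain item for service '$service', account '$secret_path'" >&2
        return 1
    fi

    printf '%s\n' "$value"
}

# When run with a secret path as the first argument, look it up under the
# "summon" service used in the add-generic-password command above.
if [ "$#" -gt 0 ]; then
    keychain_fetch "summon" "$1"
fi
```

A non-zero exit with nothing on stdout matters here: a provider that printed its error message to stdout would have that message injected as the secret value.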
You will need to install summon to use this provider.
You can install by simply cloning the repo and creating a symlink in the
You may need to run the following commands as a super user.
git clone firstname.lastname@example.org:conjurinc/summon-keychain-cli.git
cd summon-keychain-cli
mkdir -p /usr/libexec/summon
ln -s "$PWD/keychain.sh" /usr/libexec/summon/keychain.sh