Bespoke askpass script for macOS.
Moved to a proper repo as gists are pretty limited for organization.
git clone https://github.com/pythoninthegrass/ask_pass.git
ln -s $(pwd)/ask_pass.sh ~/.local/bin/askpass

USAGE
ask_pass.sh [OPTIONS]
OPTIONS
-s|--set Set password in keychain.
-g|--get Get password from keychain. [default]
-d|--delete Delete password from keychain.
-c|--custom Set custom service name in keychain.
-h|--help Show this help message.
EXAMPLES
# set a custom service name password
ask_pass.sh -c <custom-service-name> -s
# get a custom service name password
ask_pass.sh -c <custom-service-name> -g
# delete a custom service name password
ask_pass.sh -c <custom-service-name> -d
NOTES
Set 'SUDO_ASKPASS=$(realpath "$0")' in your shell profile.
e.g., echo "export SUDO_ASKPASS='$(realpath "$0")'" >> ~/.bashrc
Can override the default service name by setting the env var 'ASKPASS_SERVICE_NAME'.
e.g., export ASKPASS_SERVICE_NAME='custom-service-name'

# create a custom service name password
export ASKPASS_SERVICE_NAME='vault-pass'
askpass -v -s # set vault password
askpass -v # get vault password
# create
ansible-vault create vault.yml
# print
# ! Note: has to be declared as an _inline_ environment variable
# ! with the process substitution syntax '<(cmd)' to work correctly.
# ! Otherwise, ansible thinks that it's a literal absolute filepath with the
# ! credentials appended to the end.
ANSIBLE_VAULT_PASSWORD_FILE=<(askpass --vault) ansible-vault view vault.yml
Secret meeting in the basement of my brain

# become password
export ASKPASS_SERVICE_NAME='ansible-sudo'
askpass --sudo -s # set sudo password
askpass --sudo # get sudo password
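# use become password from keychain
# NOTE: $(which askpass) expands to the path of the askpass script, not to the
# stored password; confirm that the variable set here is one Ansible treats as a
# password file/script rather than as the literal password.
export ANSIBLE_BECOME_PASS=$(which askpass)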
ansible-playbook -i hosts tasks/pkg.yml -b

- Error handling for when keychain isn't unlocked (e.g., Failed to set password in keychain service: ansible-sudo)

security -i unlock-keychain