pw is a one-file bash wrapper for the macOS keychain security commands to make interacting with the keychain fast, easy and secure. It's combining the security of the macOS keychain with the speed and simplicity of the fzf fuzzy finder.
$ pw
โญโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ > โ
โ ios.password me@work.com login.keychain โ
โ ios.user me@work.com login.keychain โ
โ > github sschmid login.keychain โ
โ github.token sschmid login.keychain โ
โ nuget sschmid login.keychain โ
โ slack me@work.com login.keychain โ
โ twitter s_schmid login.keychain โ
โ unity me@work.com login.keychain โ
โ โ
โ โ
โ โ
โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฏ
bash -c "$(curl -fsSL https://raw.githubusercontent.com/sschmid/pw/main/install)"
install fzf (command-line fuzzy finder)
brew install fzf
$ pw help
โโโโโโโ โโโ โโโ
โโโโโโโโโโโ โโโ
โโโโโโโโโโโ โโ โโโ
โโโโโโโ โโโโโโโโโโ
โโโ โโโโโโโโโโ
โโโ โโโโโโโโ
usage: pw [--help | -h]
[-p] [-a | -k <keychain>] [<commands>]
options:
-p print password instead of copying
-a search in all user keychains
-k <keychain> search in given keychain
commands:
[-p] no command copy (or print) password using fuzzy finder
[-p] <name> [<account>] copy (or print) password
init create keychain (default: login.keychain)
add <name> [<account>] add entry (leave password empty to generate one)
edit [<name>] [<account>] edit entry (leave password empty to generate one)
rm [<name>] [<account>] remove entry
ls list all entries
gen generate password
open open keychain in Keychain Access
lock lock keychain
unlock unlock keychain
update update pw
customization:
PW_KEYCHAIN keychain to use when not specified with -k (default: login.keychain)
PW_GEN_LENGTH length of generated passwords (default: 35)
PW_CLIP_TIME time in seconds after which the password is cleared from the clipboard (default: 45)
$ pw add github # add new entry for github
Enter password for github:
Retype password for github:
$ pw github # copy password for github
$ pw add slack me@work.com # add new entry for slack with account
Enter password for slack: # leave empty to generate a password
$ pw # open fzf and copy password for selected entry
โญโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ > โ
โ github login.keychain โ
โ > slack me@work.com login.keychain โ
โ โ
โ โ
โ โ
โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฏ
pw -k <keychain>
sets the keychain for the current command.
Export PW_KEYCHAIN
to change the default keychain.
export PW_KEYCHAIN=secrets.keychain
$ pw -k secrets init
$ pw -k secrets add twitter s_schmid
Enter password for twitter:
$ pw -p -k secrets # -p prints password instead of copying
โญโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ > โ
โ > twitter s_schmid secrets.keychain โ
โ โ
โ โ
โ โ
โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฏ
$ pw -a # -a searches in all user keychains
โญโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ > โ
โ > github login.keychain โ
โ slack me@work.com login.keychain โ
โ twitter s_schmid secrets.keychain โ
โ โ
โ โ
โ โ
โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฏ
Use pw
to avoid leaking secrets in scripts that you share or commit.
github::me() {
local token
token="$(pw -p github.token)"
curl -s -H "Authorization: token ${token}" "https://api.github.com/user"
}
Export or provide the following variables to customize pw's default behaviour:
# Default keychain used when not specified with -k
export PW_KEYCHAIN=secrets.keychain
# Generated password length
export PW_GEN_LENGTH=35
# Time after which the password is cleared from the clipboard
export PW_CLIP_TIME=45