MacOS – security command gives out passwords without prompting for the keychain password


When I try to access a keychain password using the Keychain Access GUI, I always get a dialog box for inputting the current keychain (login) password.


However, when I try the same thing from the command line using commands like the following:

security find-generic-password -gs site_name 

there is no such dialog for password input and the password is just given without any form of validation.

Is there any way to change this?

Best Answer

I bumped into this same issue, and it seems it's all about removing the default access when creating the new password. This is described in the help of the command:

security add-generic-password -h

At the bottom you will see:

By default, the application which creates an item is trusted to access its data without warning. You can remove this default access by explicitly specifying an empty app pathname: -T "" If no keychain is specified, the password is added to the default keychain.

So essentially you create the password with the -T "" setting:

security add-generic-password -a YOURUSER -s SERVICENAME -w YOURPASSWORD -T ""
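
The same step as a reusable shell function, added here as an example and not part of the original answer: it refuses to proceed when the item already exists and creates the item with an empty trusted-application list. The function names are hypothetical, and the trailing `-w` prompt is an assumption about the `security` version in use.

```shell
#!/bin/sh
# Added example (not from the original post). SERVICE and ACCOUNT are
# caller-supplied; the function names are hypothetical.

# Return 0 if a generic-password item for SERVICE/ACCOUNT already exists.
# Without -g or -w, find-generic-password prints attributes only, no secret.
item_exists() {
    security find-generic-password -s "$1" -a "$2" >/dev/null 2>&1
}

# Create the item with an empty trusted-application list (-T "").
# Assumption: this `security` build prompts for the secret when -w is the
# last option (check `security add-generic-password -h`), which keeps the
# secret out of the process arguments and the shell history.
add_prompted_item() {
    if [ -z "$1" ] || [ -z "$2" ]; then
        echo "usage: add_prompted_item SERVICE ACCOUNT" >&2
        return 2
    fi
    if item_exists "$1" "$2"; then
        # add-generic-password does not replace an existing item unless -U
        # is given, and that item keeps the access list it was created with.
        echo "item exists; delete it first, then re-run:" >&2
        echo "  security delete-generic-password -s \"$1\" -a \"$2\"" >&2
        return 1
    fi
    security add-generic-password -s "$1" -a "$2" -T "" -w
}
```

After sourcing the file, `add_prompted_item SERVICENAME YOURUSER` creates the item; a later `security find-generic-password -gs SERVICENAME` should then raise the access dialog instead of printing the password.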