Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: joshsiegel
joshsiegel Author
User level: Level 1
4 points

AppleScript to duplicate keychain

Hello,


I am trying to copy the entries from my iCloud Keychain to a backup keychain. I have around 500 entries that I would like to copy, but Keychain Access asks for the password for my "Local Items" keychain for every single password. Is there a way to automate entering my password for this prompt?


I have downloaded and installed the Usable Keychain Scripting library for AppleScript (http://www.red-sweater.com/blog/2035/usable-keychain-scripting-for-lion). However, my knowledge is very basic. All I need is a way to have AppleScript type my password and hit enter repeatedly.


Thanks!

MacBook Pro with Retina display, OS X Yosemite (10.10.2)

Posted on Feb 13, 2015 9:06 PM

Reply
6 replies
User profile for user: Drew Reece
Drew Reece
User level: Level 6
10,660 points

Feb 16, 2015 1:58 AM in response to joshsiegel

I don't believe the password field is scriptable.

I don't use iCloud keychain so this may not work, it's just a workaround that may make it easier…


If the keychain allows editing the password for the iCloud keychain you can try setting an empty password, you may need to try twice - keychain wants to prevent weak master passwords.


I would backup first & take the system off the internet to avoid it syncing the unprotected keychain back to Apple. Also disable Time Machine whilst you process the items, you want to avoid a non-password protected keychain being in the backup. Reset the master passwords when complete!


NOTE:

You can hold alt & drag items to duplicate between the keychains, then it should be a case of hitting return a lot (or clicking) 🙂


Maybe someone will come up with a better answer…

Reply
User profile for user: Drew Reece
Drew Reece
User level: Level 6
10,660 points

Feb 25, 2015 8:41 PM in response to baltwo

baltwo wrote:


Won't happen. You have to manually do it in Keychain Access, when using AppleScript.


27" i7 iMac (Mid 2011) refurb, OS X Yo (10.10.2), Mavs, ML & SL, G4 450 MP w/10.5 & 9.2.2

Actually baltwo you can script the password dialog via UI scripting …


try

tell application "System Events" to tell process "SecurityAgent"

set frontmost to true


delay 0.1

tell window 1


setvalueoftext field 1 to "password"

tell group 1

tell button "OK"

perform action "AXPress"

end tell

end tell

end tell

end tell

delay 0.3

on error


display dialog "Failed"

end try


Accessibility needs to be enabled to allow the script to enter text into the dialog it's in the security section of System Preferences.

Accessibility inspector will allow you to see the field nesting in the UI, it is part of Xcode.


Tiiming is always critical on UI Scripting, so add delays when it fails.

The above works on 10.9.

Reply
User profile for user: baltwo
baltwo
User level: Level 9
62,362 points

Feb 25, 2015 10:46 PM in response to Drew Reece

You might be able to get the password entered, but as far as I know, you'll still need to manually hit the enter key, which is what the OP wanted to do. As for anything doing with iCloud keychains, I'll defer to those using such things. I don't. Here's a simple script that gets info from the keychain, revealing the source and the passwords from the keychain, wherein you always have to manually hit the Allow button to get the next keychain item. If you can use your technique to automate it, have at it—I've not been able to do it and I've been trying for over four years.


set theSecuridPIN to {}


tell application "Usable Keychain Scripting" to launch

tell application "Keychain Access" to launch


using terms from application "Usable Keychain Scripting"

tell application "Usable Keychain Scripting"

set KeyList to every internet password of current keychain

repeat with aKey in KeyList

set theSecuridPIN to theSecuridPIN & ((name of aKey) & tab & ¬

(account of aKey) & tab & (password of aKey) & return) as text

end repeat

end tell

end using terms from


tell application "Usable Keychain Scripting" to quit

tell application "Keychain Access" to quit


tell application "Finder"


open for accessfile (((path todesktop folder) as text) & "Passwords") with write permission

set theFile to result


writetheSecuridPINtotheFile


close accesstheFile

end tell

Reply
User profile for user: Drew Reece
Drew Reece
User level: Level 6
10,660 points

Feb 25, 2015 11:08 PM in response to baltwo

baltwo wrote:

If you can use your technique to automate it, have at it—I've not been able to do it and I've been trying for over four years.



Really? I have used Automator to record a 'watch me do' action that worked on 10.6 & earlier. It was very fragile, so it's not worth talking about, but it would click Allow 🙂


I have also used this variation of the above (which also clicks the Allow button)…


repeat with i from 1 to 3

try

tell application "System Events" to tell process "SecurityAgent"

set frontmost to true


delay 0.1

tell window 1

tell group 1

tell button "Allow"

perform action "AXPress"

end tell

end tell

end tell

end tell

on error

exit repeat

end try

delay 0.1

end repeat

I gave up with keychain scripting & used the shell to handle the dumping of keychain items 'security dump-keychain', which requires lots of post processing & parsing. You still need to click the allow button, which is what the above does.


It is called from within the shell script via osascript, it tries 3 times since I found the UI could be slow at times.

I'm by no means an expert in Applescript, so it could be improved, but it is possible to click the buttons you desire.


joshsiegel, I forgot how much of this I had automated - it was wrapped up in a secure area of my brain.

Reply

AppleScript to duplicate keychain

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up