The Mac OS Keychains is great if you spend your time in the Apple-verse. When you decide to mix it up or move away, you will want to take your password with you. Here's a process and the tools for exporting it's content to a CSV file in the format “example.com,user,pass”. This portable format would be pretty easy to import into Dashlane, LastPass, 1Password or whatever.
Kudos to https://gist.github.com/rmondello for creating the first version of this.
One’s iCloud Keychain is stored on disk in a different format than a traditional keychain. To access the credentials, first create a traditional keychain and copy there the iCloud Keychain’s contents:
- In the Keychain Access, go to
File > New Keychain (⌥⌘N)
. You can save the new keychain to the desktop and call it something like "Big Keychain" - Choose the iCloud kaychain from the sidebar.
- Select all the passwords.
- Use "Edit > Copy" to copy them all.
- Selected the new "Big Keychain" in the sidebar.
- Use "Edit > Paste" to paste the copied passwords.
Keychain Access prompted me for the “Local Items” keychain password for every password I was pasting. In my case, this would have been over 200 times!
Run the following script to take care of this:
set keychainPassword to the text returned of ¬
(display dialog ¬
"Your keychain password:" default answer ¬
"" with hidden answer)
tell application "System Events"
repeat while exists (processes where name is "SecurityAgent")
# Wait until the Allow dialog opens before proceeding
repeat until window "" of process "SecurityAgent" exists
end repeat
tell process "SecurityAgent"
set value of text field 1 of window 1 to keychainPassword
click button "Allow" of window 1
end tell
end repeat
end tell
Whatever process is running this script (Script Editor or a standalone bundle), it’ll need permission to “control your computer”.
After that runs, the recently-created local keychain should contain all of the passwords stored in iCloud Keychain.
I grabbed a copy of Daniel Jalkut’s “Usable Keychain Scripting” utility to help with the next part, but someone more sane might turn to security
.
I ran the following script to write the passwords out to disk:
set the logFile to ((path to desktop) as string) & "Passwords"
set keychainPath to "/Users/Dad/Desktop/dad.keychain"
-- write_to_file taken from http://www.macosxautomation.com/applescript/sbrt/sbrt-09.html
on write_to_file(this_data, target_file, append_data)
try
set the target_file to the target_file as string
set the open_target_file to open for access file target_file with write permission
if append_data is false then set eof of the open_target_file to 0
write this_data to the open_target_file starting at eof
close access the open_target_file
return true
on error
try
close access file target_file
end try
return false
end try
end write_to_file
tell application "Usable Keychain Scripting"
set keychainItems to get every keychain item of keychain keychainPath
repeat with keychainItem in keychainItems
set aServer to server in keychainItem
set anAccount to account in keychainItem
set aPassword to password in keychainItem
set csvEntry to aServer & "," & anAccount & "," & aPassword & "
"
my write_to_file(csvEntry, logFile, true)
end repeat
end tell
There’s a lot that can be improved with this code. For instance, I could have used a consistent naming style between copied and non-copied code. If I took the time to look up an array or list "join" routine, the intent of the could could have been better communicated.
Here again, OS X’s Keychain wanted to do its job, prompting me to allow access for each of the 200+ items.
-- Taken from a comment by Mr. X on http://selfsuperinit.com/2014/01/20/exporting-icloud-keychain-passwords-as-a-plain-text-file/
tell application "System Events"
repeat while exists (processes where name is "SecurityAgent")
tell process "SecurityAgent"
click button "Allow" of window 1
end tell
delay 0.2
end repeat
end tell
After that, I had my file. Inelegant, but it got the job done, and I had fun.
FWIW I found this tool a bit easier, and it didn't require "Usable Keychain Scripting": https://github.com/lifepillar/CSVKeychain - maybe worth looking at that script for how to use
security
instead