Adding OSX Keychain Support to a Ruby app

The other day I discovered the awesome Vmail app. It is Vim interface to Gmail that works quite well. After sharing it with a colleague at work he raised the concern of storing your gmail password in plaintext within the .vmailrc file. I agreed but couldn't think of an immediate solution.

On my train ride home curiosity got the better of me. I figured it can't be overly difficult to retrieve a password from the OSX keychain. After a brief Google I found this article that demonstrates how to access a keychain password via command line. While certainly not as graceful as a native API call it gets the job done. With vmail being shared on github and coded in Ruby I figured there was at least a small chance a proof of concept could be hacked together.

I was able to get something working with very little code and posted it to github. The actual function for retrieving a password is very simple:


def get_keychain_password(key)
  password = nil
  begin
    cmd = "security 2>&1 >/dev/null find-internet-password -gs #{key}"
    password = $1 if `#{cmd}` =~ /^password: "(.*)"$/
  rescue
    password
  end
end

It ain't the most elegant solution but seems to work and is more secure than storing a password in plain text!

Add new comment

By submitting this form, you accept the Mollom privacy policy.