Add support for storing PAT in OSX keychain

Added additional optional arguments and README guidance for storing and accessing a Github personal access token (PAT) in the OSX keychain
2025-12-06 16:38:03 +01:00 · 2017-04-05 15:17:52 +01:00
parent dd2b96b172
commit 1d6e1abab1
2 changed files with 46 additions and 1 deletions
--- a/bin/github-backup
+++ b/bin/github-backup
@@ -251,13 +251,35 @@ def parse_args():
    parser.add_argument('-v', '--version',
                        action='version',
                        version='%(prog)s ' + __version__)
+    parser.add_argument('--keychain-name',
+                        dest='osx_keychain_item_name',
+                        help='OSX ONLY: name field of password item in OSX keychain that holds the personal access or OAuth token')
+    parser.add_argument('--keychain-account',
+                        dest='osx_keychain_item_account',
+                        help='OSX ONLY: account field of password item in OSX keychain that holds the personal access or OAuth token')
    return parser.parse_args()


 def get_auth(args, encode=True):
    auth = None

-    if args.token:
+    if args.osx_keychain_item_name:
+        if not args.osx_keychain_item_account:
+            log_error('You must specify both name and account fields for osx keychain password items')
+        else:
+            try:
+                with open(os.devnull,'w') as devnull:
+                    token = (subprocess.check_output([
+                        'security','find-generic-password',
+                        '-s',args.osx_keychain_item_name,
+                        '-a',args.osx_keychain_item_account,
+                        '-w' ], stderr=devnull).strip())
+                auth = token + ':' + 'x-oauth-basic'
+            except:
+                log_error('No password item matching the provided name and account could be found in the osx keychain.')
+    elif args.osx_keychain_item_account:
+        log_error('You must specify both name and account fields for osx keychain password items')
+    elif args.token:
        _path_specifier = 'file://'
        if args.token.startswith(_path_specifier):
            args.token = open(args.token[len(_path_specifier):],