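├── .gitignore
├── LICENSE.md
├── utils
    ├── uninstall.zsh
    └── install.zsh
├── bootstrap.zsh
└── README.md

/.gitignore:
--------------------------------------------------------------------------------
#
# Ignore
#

*.swp
.DS_Store

--------------------------------------------------------------------------------
/LICENSE.md:
--------------------------------------------------------------------------------
The MIT License (MIT)

© 2024 Nicolò Diamante

Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
of the Software, and to permit persons to whom the Software is furnished to do
so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

--------------------------------------------------------------------------------
/utils/uninstall.zsh:
--------------------------------------------------------------------------------
#!/bin/zsh

#
# Disable Touch ID for sudo on macOS
#
# Reverts utils/install.zsh. On macOS 14 and later it removes
# /etc/pam.d/sudo_local and restores the newest timestamped backup of it, if
# one exists. On earlier releases it restores the newest timestamped backup of
# /etc/pam.d/sudo.
#

# Set PATHs
# -productVersion is the legacy spelling of the flag, which older releases
# (the pre-macOS 14 branch below) understand as well as current ones.
SW_VERS=$(sw_vers -productVersion)
OS_VERS=${SW_VERS%%.*}
PAM_AUTH_FILE="/etc/pam.d/sudo_local"
PAM_SUDO_FILE="/etc/pam.d/sudo"

# Set once a PAM file has actually been changed, so the closing message is
# not printed after a cancelled or failed run.
CHANGED=0

# Refuse to guess which PAM file to touch when version detection failed: an
# empty OS_VERS would otherwise compare as 0 and select the pre-14 branch.
if [[ ! "$OS_VERS" =~ ^[0-9]+$ ]]; then
  echo "keyave: Could not determine the macOS version. No changes made." >&2
  return 1 2>/dev/null || exit 1
fi

# Main script execution
echo "\nThis will revert the changes made by the Keyave script."

# Prompt the user
echo -n "Do you want to proceed with disabling Touch ID for sudo? [y/N]: "
read -r REPLY
echo ""
if [[ "$REPLY" =~ ^[Yy]$ ]]; then
  if [[ "$OS_VERS" -ge 14 ]]; then
    if [[ -f "$PAM_AUTH_FILE" ]]; then
      # Remove PAM local for macOS 14 and later
      if sudo /bin/rm "${PAM_AUTH_FILE}"; then
        CHANGED=1
        echo "\nTouch ID for sudo has been disabled for macOS."
      else
        echo "\nkeyave: Failed to remove ${PAM_AUTH_FILE}." >&2
      fi
    else
      echo "\nThe ${PAM_AUTH_FILE} file does not exist. No changes made."
    fi

    # Restore the backup of sudo_local
    # Glob qualifiers instead of parsing ls: N = no error when nothing
    # matches, . = regular files only, om = newest first. The pattern is
    # limited to the <timestamp>.bak names install.zsh creates, so no other
    # file in /etc/pam.d can be moved over sudo_local.
    BACKUPS=(/etc/pam.d/sudo_local_[0-9]*.bak(N.om))
    BACKUP_FILE="${BACKUPS[1]}"
    if [[ -n "$BACKUP_FILE" ]]; then
      if sudo /bin/mv "${BACKUP_FILE}" "${PAM_AUTH_FILE}"; then
        CHANGED=1
        echo "\nBackup of sudo_local has been restored for macOS."
      else
        echo "\nkeyave: Failed to restore ${BACKUP_FILE}." >&2
      fi
    else
      echo "\nNo backup file found for sudo_local. No restoration made on macOS."
    fi
  else
    # Handle macOS versions prior to macOS 14
    # Find the most recent backup file (same glob qualifiers as above).
    BACKUPS=(/etc/pam.d/sudo_[0-9]*.bak(N.om))
    BACKUP_FILE="${BACKUPS[1]}"
    if [[ -n "$BACKUP_FILE" ]]; then
      # Re-assert root ownership and read-only mode after the restore, so the
      # sudo PAM policy cannot be left writable by an unprivileged user.
      if sudo /bin/mv "${BACKUP_FILE}" "${PAM_SUDO_FILE}" &&
        sudo /usr/sbin/chown root:wheel "${PAM_SUDO_FILE}" &&
        sudo /bin/chmod 444 "${PAM_SUDO_FILE}"; then
        CHANGED=1
        echo "\nTouch ID for sudo has been disabled and original sudo configuration restored for macOS."
      else
        echo "\nkeyave: Failed to restore ${BACKUP_FILE}." >&2
      fi
    else
      echo "\nNo backup file found. Cannot revert changes on macOS."
    fi
  fi
else
  echo "\nDisabling Touch ID for sudo cancelled by the user."
fi

if [[ "$CHANGED" -eq 1 ]]; then
  echo "\nKeyave: Touch ID for sudo disabled."
fi

--------------------------------------------------------------------------------
/bootstrap.zsh:
--------------------------------------------------------------------------------
#!/bin/zsh

#
# Start Keyave Installation.
#
# Downloads the repository into ${HOME}/Keyave with git, curl or wget and then
# sources utils/install.zsh from it, which changes the sudo PAM configuration.
#
# NOTE(review): the download follows the moving master branch and is not
# checked against a pinned commit or a published digest before the install
# script is sourced. Pin a tag or commit and verify it if stronger provenance
# is required.
#

# A failed download must fail the "curl | tar" / "wget | tar" pipeline instead
# of being hidden by tar's exit status.
setopt pipe_fail

# Validate OS.
if [[ "$OSTYPE" != "darwin"* ]]; then
  echo "This script is only compatible with macOS" >&2
  exit 1
fi

# Determines the current user's shell.
if [[ "$SHELL" != */zsh ]]; then
  echo "Please switch to zsh shell to continue." >&2
  exit 1
fi

# Defines the PATHs.
# The repository name matches the one used in the README and in install.zsh,
# and INSTALL matches the file the repository ships (utils/install.zsh).
SOURCE="https://github.com/nicolodiamante/keyave"
TARBALL="${SOURCE}/tarball/master"
TARGET="${HOME}/Keyave"
INSTALL="${TARGET}/utils/install.zsh"

# Check if a command is executable.
is_executable() {
  command -v "$1" &> /dev/null
}

# Unpack a gzip tarball read from stdin into TARGET.
extract_tarball() {
  tar -xzv -C "${TARGET}" --strip-components 1 --exclude .gitignore
}

# Fetch the repository with the tool named in $1. The commands are invoked
# directly with quoted arguments rather than assembled into a string and
# passed to eval, so nothing in the paths is re-parsed as shell code.
download() {
  case "$1" in
    git)
      git clone "${SOURCE}" "${TARGET}"
      ;;
    curl)
      # -f turns an HTTP error into a failure instead of feeding an error
      # page to tar.
      curl -fsSL "${TARBALL}" | extract_tarball
      ;;
    wget)
      # TLS certificate verification stays enabled: the downloaded code is
      # sourced below and runs sudo.
      wget -O - "${TARBALL}" | extract_tarball
      ;;
    *)
      return 1
      ;;
  esac
}

# Ensure TARGET directory doesn't already exist.
if [[ -d "$TARGET" ]]; then
  echo "Target directory ${TARGET} already exists. Please remove or rename it and try again." >&2
  exit 1
fi

# Checks which executable is available then downloads and installs.
if is_executable "git"; then
  DOWNLOADER="git"
elif is_executable "curl"; then
  DOWNLOADER="curl"
elif is_executable "wget"; then
  DOWNLOADER="wget"
else
  echo 'No git, curl, or wget available. Aborting!' >&2
  exit 1
fi

echo 'Installing Keyave...'

# Create the target directory and proceed with the chosen download method.
if ! mkdir -p "${TARGET}"; then
  echo "Error: Failed to create target directory. Aborting!" >&2
  exit 1
fi

# Execute the download command and run the installation script.
if download "${DOWNLOADER}"; then
  if cd "${TARGET}"; then
    if ! source "${INSTALL}"; then
      echo "Error: Failed to run the install script. Aborting!" >&2
      exit 1
    fi
  else
    echo "Error: Failed to navigate to ${TARGET}. Aborting!" >&2
    exit 1
  fi
else
  echo "Download failed. Aborting!" >&2
  exit 1
fi

--------------------------------------------------------------------------------
/utils/install.zsh:
--------------------------------------------------------------------------------
#!/bin/zsh

#
# Keyave — Integrate Touch ID in Terminal for Enhanced Mac Security.
# By Nicolò Diamante
# https://github.com/nicolodiamante/keyave
# MIT License
#

#
# Enable Touch ID for sudo on macOS
#
# macOS 14 and later: copies /etc/pam.d/sudo_local.template to
# /etc/pam.d/sudo_local and uncomments the pam_tid.so rule in the copy.
# Earlier releases: puts the pam_tid.so rule at the top of /etc/pam.d/sudo.
# A timestamped backup is taken only when a file is about to be modified, so
# the newest backup (the one uninstall.zsh restores) never already contains
# the Touch ID rule.
#
# The script is meant to be sourced (bootstrap.zsh and the README both do so),
# which is why failures use "return ... || exit": a bare exit would close the
# user's interactive shell.
#

# Validate macOS version
# -productVersion is the legacy spelling of the flag, which older releases
# (the pre-macOS 14 branch below) understand as well as current ones.
SW_VERS=$(sw_vers -productVersion)
OS_VERS=${SW_VERS%%.*}
PAM_TEMP_FILE="/etc/pam.d/sudo_local.template"
PAM_AUTH_FILE="/etc/pam.d/sudo_local"
PAM_SUDO_FILE="/etc/pam.d/sudo"

# An active (uncommented) Touch ID rule, whatever the spacing between columns.
PAM_TID_RULE='^[[:space:]]*auth[[:space:]]+sufficient[[:space:]]+pam_tid\.so'

# Set once Touch ID is known to be enabled, so the closing message is not
# printed after a skipped or failed run.
ENABLED=0

# Refuse to guess which PAM file to edit when version detection failed: an
# empty OS_VERS would otherwise compare as 0 and select the pre-14 branch.
if [[ ! "$OS_VERS" =~ ^[0-9]+$ ]]; then
  echo "keyave: Could not determine the macOS version. No changes made." >&2
  return 1 2>/dev/null || exit 1
fi

# Ask about enabling Touch ID for sudo
read -q "REPLY?Do you want to enable Touch ID for sudo? [y/N] "
echo ""
if [[ "$REPLY" =~ ^[Yy]$ ]]; then
  echo "\nEnabling Touch ID for sudo authentication..."

  if [[ "$OS_VERS" -ge 14 ]]; then
    if [[ -f "$PAM_AUTH_FILE" ]] && sudo /usr/bin/grep -Eq "${PAM_TID_RULE}" "${PAM_AUTH_FILE}"; then
      ENABLED=1
      echo "\nTouch ID already enabled in sudo configuration."
    elif [[ ! -f "$PAM_TEMP_FILE" ]]; then
      # Check the template before touching anything, so a missing template
      # cannot leave the machine with sudo_local moved away and not replaced.
      echo "\nkeyave: Failed to find ${PAM_TEMP_FILE}. Touch ID authorization for sudo could not be enabled." >&2
      return 1 2>/dev/null || exit 1
    else
      # Backup existing file
      if [[ -f "$PAM_AUTH_FILE" ]]; then
        BACKUP_FILE="${PAM_AUTH_FILE}_$(/bin/date "+%Y%m%d%H%M%S").bak"
        echo "\nBacking up existing file to ${BACKUP_FILE}..."
        if ! sudo /bin/mv "${PAM_AUTH_FILE}" "${BACKUP_FILE}"; then
          echo "\nkeyave: Failed to back up ${PAM_AUTH_FILE}. No changes made." >&2
          return 1 2>/dev/null || exit 1
        fi
      fi

      # Copy template file
      # Remove the comment mark granting Touch ID
      # Set ownership and permissions
      # The file is configuration, not a program, so it is made read-only
      # (444) rather than read/execute. The final grep confirms that the rule
      # is really active before success is reported.
      if sudo /bin/cp "${PAM_TEMP_FILE}" "${PAM_AUTH_FILE}" &&
        sudo /usr/bin/sed -E -i '' -e 's/^#[[:space:]]*(auth[[:space:]]+sufficient[[:space:]]+pam_tid\.so)/\1/' "${PAM_AUTH_FILE}" &&
        sudo /usr/sbin/chown root:wheel "${PAM_AUTH_FILE}" &&
        sudo /bin/chmod 444 "${PAM_AUTH_FILE}" &&
        sudo /usr/bin/grep -Eq "${PAM_TID_RULE}" "${PAM_AUTH_FILE}"; then
        ENABLED=1
        echo "\nTouch ID for sudo enabled on macOS."
      else
        echo "\nkeyave: Failed to configure ${PAM_AUTH_FILE}. Touch ID authorization for sudo could not be enabled." >&2
        return 1 2>/dev/null || exit 1
      fi
    fi
  else
    # Add Touch ID support at the top of the file
    if sudo /usr/bin/grep -Eq "${PAM_TID_RULE}" "${PAM_SUDO_FILE}"; then
      ENABLED=1
      echo "\nTouch ID already enabled in sudo configuration."
    else
      # Backup existing sudo file
      BACKUP_FILE="${PAM_SUDO_FILE}_$(/bin/date "+%Y%m%d%H%M%S").bak"
      echo "\nBacking up existing sudo file to ${BACKUP_FILE}..."
      if ! sudo /bin/cp -p "${PAM_SUDO_FILE}" "${BACKUP_FILE}"; then
        echo "\nkeyave: Failed to back up ${PAM_SUDO_FILE}. No changes made." >&2
        return 1 2>/dev/null || exit 1
      fi

      # Create a new file with Touch ID line at the top
      # The staging file comes from mktemp instead of a fixed name in the
      # current directory, and is put in place with install(1) so that
      # /etc/pam.d/sudo ends up owned by root:wheel and read-only. A plain
      # "sudo mv" of a file the user created would leave the sudo PAM policy
      # owned, and therefore editable, by that unprivileged user.
      if ! TMP_FILE=$(/usr/bin/mktemp -t keyave); then
        echo "\nkeyave: Failed to create a temporary file. No changes made." >&2
        return 1 2>/dev/null || exit 1
      fi

      if { echo "auth sufficient pam_tid.so"; sudo /bin/cat "${PAM_SUDO_FILE}"; } > "${TMP_FILE}" &&
        sudo /usr/bin/install -o root -g wheel -m 444 "${TMP_FILE}" "${PAM_SUDO_FILE}"; then
        /bin/rm -f "${TMP_FILE}"
        ENABLED=1
        echo "\nTouch ID for sudo enabled on macOS."
      else
        /bin/rm -f "${TMP_FILE}"
        echo "\nkeyave: Failed to update ${PAM_SUDO_FILE}. Touch ID authorization for sudo could not be enabled." >&2
        return 1 2>/dev/null || exit 1
      fi
    fi
  fi
else
  echo "\nEnabling Touch ID for sudo skipped."
fi

echo "\nOpening Passwords Shortcut..."
sleep 3

# Open the Keyave Shortcut URL
SHORTCUT_URL="https://www.icloud.com/shortcuts/afd3e6896604451ab31cd303a153c881"
open "${SHORTCUT_URL}"

if [[ "$ENABLED" -eq 1 ]]; then
  echo "\nKeyave: Touch ID for sudo enabled."
fi

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 |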

2 | 3 | 4 | Keyave 5 | 6 |

7 | 8 | iCloud Keychain is a handy feature for Apple users that provides a secure and convenient way to manage passwords and other sensitive information. With iCloud Keychain, you can securely store your login credentials, credit card information, Wi-Fi passwords, and other important data on your Apple devices. 9 | 10 | At its core, iCloud Keychain champions data security. It ensures data security with end-to-end encryption, allowing only trusted devices linked to your iCloud account to access the information. Moreover, iCloud Keychain bolsters security with biometric authentication methods like Touch ID or Face ID. 11 | 12 | Overall, iCloud Keychain is a potent tool that makes it easy to manage your passwords and other sensitive information securely across all your Apple devices. If you're not already using it, you should consider turning it on to take advantage of its many benefits. 13 | 14 |


15 | 16 |

17 | 18 | 19 | System settings Passwords 20 | 21 | 22 |

23 | 24 |


25 | 26 | ## The benefits of using iCloud Keychain 27 | 28 | Apple has made significant strides in enhancing its password management capabilities with the introduction of new features in iOS 15, macOS Monterey, and beyond. In the past, iCloud Keychain was a somewhat passive password manager that would occasionally pop up unexpectedly to suggest strong passwords or autofill information, leaving users confused. However, with the latest updates, iCloud Keychain has become more proactive and now scans for potential password breaches, alerts users to repeated passwords, and even enables two-factor authentication (2FA). 29 | 30 |

31 | 32 |

33 | 34 | iCloud Passwords & keychain 35 | 36 |

37 | 38 |

39 | 40 | ### Turn on iCloud Keychain on your iPhone, iPad or iPod touch 41 | 42 | Tap Settings, tap [your name] and then choose iCloud → Tap Passwords and Keychain → Turn on iCloud Keychain. 43 | 44 | ### Turn on iCloud Keychain on your Mac 45 | 46 | Choose Apple menu  → System Settings (or System Preferences) → Click your name, then click iCloud → Turn on Password & Keychain. 47 |

48 | 49 | ## A Shortcut to access Passwords in a quick way 50 | 51 | Using a password manager is essential in today's digital age. With so many accounts to keep track of, it's easy to fall into the trap of using the same password across multiple accounts or using weak passwords that are easy to guess. Apple has made it easy for users to manage their passwords by providing a built-in password manager that syncs across all Apple devices. 52 | 53 |
54 | 55 | ### Access passwords with a Shortcut 56 | 57 | To access the password manager on your Apple device, go to Settings (iOS) or System Preferences (macOS) and locate the Passwords option. However, revisiting this location each time can be time-consuming. 58 | 59 | To streamline the process and easily access your passwords, use the Passwords shortcut. For iOS and iPadOS users, it's a single tap from the home screen, while macOS users can find it in the menu bar. Make sure you have the [Apple Shortcuts][apple-shortcuts-download] app installed, and then download the [Passwords Shortcut][passwords-shortcut] or follow the provided instructions to download and run the script. This script retrieves the shortcut and configures your terminal environment for Touch ID, simplifying your authentication process. 60 | 61 |

62 | 63 |

64 | 65 | 66 | 67 | Download the Shortcut 68 | 69 | 70 |

71 | 72 |

73 | 74 | ### Manage passwords in the terminal 75 | 76 | Macs have a fingerprint scanner (Touch ID) to simplify the login process. iCloud Keychain works best when you leverage Apple’s biometric system to make filling passwords quick and easy, so that you don’t need to type your Apple ID password or passcode whenever you fill in a field. Touch ID is not activated by default in the terminal, however, which means that when you run programs with elevated privileges (for example with sudo), you need to type the password. 77 | 78 |

79 | 80 |

81 | 82 | Use Touch ID in Terminal 83 | 84 |

85 | 86 |

87 | 88 | You can either manually set up Touch ID in your terminal by following the provided steps, or use the script for an automated process: 89 | 90 | - [Manual Setup](#manual-configuration-of-touch-id) 91 | - [Automated Script](#automated-configuration-of-touch-id) 92 | 93 |
94 | 95 | > **Note:** Modifying PAM (Pluggable Authentication Module) configurations requires careful consideration due to its sensitive nature. It's imperative to fully comprehend each step and command involved in this process. Before making any changes, it is crucial to have up-to-date backups of your system to ensure safety and security. Proceed with caution and informed understanding. 96 | 97 |
98 | 99 | ## Manual Configuration of Touch ID 100 | 101 | ### Before macOS Sonoma (Pre-macOS 14) 102 | 103 | 1. **Open Terminal:** Start by launching the Terminal application on your Mac. 104 | 105 | 2. **Edit Configuration:** Open the `/etc/pam.d/sudo` file in a text editor. For example, using nano, enter: 106 | 107 | ```shell 108 | sudo nano /etc/pam.d/sudo 109 | ``` 110 | 111 | 3. **Integrate Touch ID:** At the top of the file, add the following line: 112 | 113 | ```shell 114 | auth sufficient pam_tid.so 115 | ``` 116 | 117 | 4. **Save Changes:** After adding the line, save your changes and exit the text editor. 118 | 119 | Following these steps enables Touch ID authentication for the sudo command in Terminal, allowing fingerprint verification instead of a password prompt. 120 | 121 |
122 | 123 | ### macOS Sonoma (macOS 14) and Later 124 | 125 | macOS Sonoma introduced `/etc/pam.d/sudo_local`, a new file to maintain Touch ID configurations for sudo across system updates. Here's the setup process: 126 | 127 | 1. **Check for the template:** macOS Sonoma includes a `sudo_local.template` file. Confirm that it exists with: 128 | 129 | ```shell 130 | ls /etc/pam.d/sudo_local.template 131 | ``` 132 | 133 | 2. **Create File:** If the `sudo_local.template` exists, copy it to create `sudo_local`: 134 | 135 | ```shell 136 | sudo cp /etc/pam.d/sudo_local.template /etc/pam.d/sudo_local 137 | ``` 138 | 139 | 3. **Edit sudo_local configuration:** Open `sudo_local` in a text editor, for example: 140 | 141 | ```shell 142 | sudo nano /etc/pam.d/sudo_local 143 | ``` 144 | 145 | 4. **Uncomment Touch ID rule:** Uncomment the Touch ID rule by removing the `#` at the beginning of the line, changing: 146 | 147 | ```shell 148 | #auth sufficient pam_tid.so 149 | ``` 150 | 151 | to: 152 | 153 | ```shell 154 | auth sufficient pam_tid.so 155 | ``` 156 | 157 | 5. **Save and Test:** After editing, save the changes, close the editor, and test the new configuration by using the sudo command in Terminal. 158 | 159 | These steps enable Touch ID authentication for sudo commands on macOS Sonoma and later versions. For automated setup, consider using a script as outlined below. 160 | 161 |

162 | 163 | ## Automated Configuration of Touch ID 164 | 165 | Keyave is a script designed to automate the setup of Touch ID authentication for terminal operations on Mac, replacing the need for password entry. Choose from two methods for installation: 166 | 167 | **Automatic Download via `curl`:** Simply execute the following command in your terminal to quickly download and seamlessly install the utility: 168 | 169 | ```shell 170 | zsh -c "$(curl -fsSL https://raw.githubusercontent.com/nicolodiamante/keyave/HEAD/bootstrap.zsh)" 171 | ``` 172 | 173 | **Manual Cloning:** For those who prefer a hands-on approach, you can manually clone the repository to your desired location (`~/keyave` in this case): 174 | 175 | ```shell 176 | git clone https://github.com/nicolodiamante/keyave.git ~/keyave 177 | ``` 178 | 179 |
180 | 181 | ### Post-Download Steps 182 | 183 | **Directory Navigation & Script Execution:** Navigate to the root directory of the repository, and then execute the installation script using the following command: 184 | 185 | ```shell 186 | source utils/install.zsh 187 | ``` 188 | 189 | The script first determines the macOS version on your Mac. For macOS Sonoma (version 14) and later, it modifies the `sudo_local` file to enable Touch ID authentication for sudo commands. This is achieved by copying a template file and adjusting its settings to incorporate Touch ID support. If the system is running an earlier version of macOS, the script instead modifies the `sudo` file directly to enable Touch ID, adding the necessary configuration at the top of the file. In both scenarios, a backup of the original file is created for safety. The script is tailored to enhance security on Mac models with Touch ID capability. 190 | 191 |
192 | 193 | ## Final Thoughts 194 | 195 | Apple's iCloud Keychain is a user-friendly password management solution seamlessly integrated into the macOS ecosystem. It's ideal for casual users and families looking for simplicity. Besides password storage, it securely handles credit card data and syncs across Apple devices. With end-to-end encryption and biometric authentication, it's cost-effective and proactive against password breaches. Recent updates enable third-party app integration. iCloud Keychain combines ease of use, strong security, and broad functionality, making it a standout password manager choice. 196 | 197 |

198 | 199 |

200 | 201 | Siri launching Shortcut Passwords 202 | 203 |

204 | 205 |

206 | 207 | ## Notes 208 | 209 | ### Easy access to the Shortcut using Spotlight 210 | 211 | To access the Shortcut using Spotlight, follow these steps: 212 | 213 | Open the Shortcuts app on your Mac → Open Passwords → Click on the File menu in the top-left corner of the screen → Click on Add to Dock from the dropdown menu. 214 | 215 | Once you add the Shortcut to your Dock, it becomes readily accessible. You can also use Spotlight to open it by simply typing the Shortcut's name. After adding it to Spotlight, you have the option to remove the Shortcut from the Dock if you prefer. This method offers a quick and convenient way to access your password manager, ensuring efficient management of your passwords. 216 | 217 |
218 | 219 |

220 | 221 | Spotlight Search of password.app 222 | 223 |

224 | 225 |
226 | 227 | ### How to set Touch ID in iTerm 228 | 229 | In Apple's default terminal it works like a charm, but in iTerm2 it needs additional configuration. 230 | 231 | Go to Prefs → Advanced → Allow sessions to survive logging out and back in → Set the value to no → Restart iTerm. 232 | 233 |
234 | 235 | ### Access your iCloud passwords with Chrome on Windows 236 | 237 | iCloud may be Apple’s thing, but you can still get your passwords even if you have an iPhone and a PC. You’ll need to [download iCloud for Windows][icloud-windows] first and ensure it’s updated to the latest version. Then you’ll need to grab the [iCloud Passwords extension in the Chrome store][chrome-windows] and sign in to turn on both. Once you enter your verification code, you can grab passwords from your iCloud Keychain when visiting a site in Chrome on your PC, just as if you were using Safari on your Mac. 238 | 239 |

240 | 241 |

242 | 243 | iCloud Keychain in Chrome 244 | 245 |

246 | 247 |

248 | 249 | ### Resources 250 | 251 | - [Set up iCloud Keychain][setup-keychain] 252 | - [iCloud data security overview][security-overview] 253 | - [Two-factor authentication for Apple ID][two-factor] 254 | - [How to find saved passwords and passkeys on your Mac][passkeys-mac] 255 | - [How to find saved passwords and passkeys on your iPhone][passkeys-iphone] 256 | - [Use Touch ID on Mac][touchid-mac] 257 | - [Shortcuts User Guide][apple-shortcuts-guide] 258 | 259 | ### Contribution 260 | 261 | Any suggestions or feedback you may have for improvement are welcome. If you encounter any issues or bugs, please report them to the [issues page][issues]. 262 |

263 | 264 |

265 | 266 | 267 | 268 |

269 | 270 |

271 | 272 | Nicolò Diamante Portfolio 273 | 274 |

275 | 276 |

277 | 278 | 279 | MIT License 280 | 281 |

282 | 283 | 284 | 285 | [icloud-windows]: https://support.apple.com/en-us/HT204283 286 | [chrome-windows]: https://apps.microsoft.com/store/detail/icloud/9PKTQ5699M62?hl=en-us&gl=us&rtc=1&activetab=pivot%3Aoverviewtab 287 | [apple-shortcuts-download]: https://apps.apple.com/us/app/shortcuts/id915249334 288 | [passwords-shortcut]: https://www.icloud.com/shortcuts/afd3e6896604451ab31cd303a153c881 289 | [setup-keychain]: https://support.apple.com/en-au/HT204085 290 | [security-overview]: https://support.apple.com/en-au/HT202303 291 | [two-factor]: https://support.apple.com/en-us/HT204915 292 | [passkeys-mac]: https://support.apple.com/en-au/HT211145 293 | [passkeys-iphone]: https://support.apple.com/en-au/HT211146 294 | [touchid-mac]: https://support.apple.com/en-mt/guide/mac-help/mchl16fbf90a/mac 295 | [apple-shortcuts-guide]: https://support.apple.com/en-gb/guide/shortcuts/welcome/ios 296 | [issues]: https://github.com/nicolodiamante/keyave/issues 297 | --------------------------------------------------------------------------------