Passwords in shortcuts


#1

I have been using the ssh action a lot in shortcuts, but this requires my embedding the password in the shortcut and also requires me updating every shortcut when the password changes (as it did the other day after an unfortunate leak). I’m still coming across shortcuts with the old password that I forgot to update.

Anyway, is there a better way to deal with passwords in shortcuts? It doesn’t seem to have any support for the keychain (:crossed_fingers:t3:soon) which would be ideal, so what?


#2

In terms of central management, you could use a text file or another shortcut to hold the password data. Then read the file or run-to-return the shortcut to get the password.

This does nothing for security, only convenience. What it’s missing is encryption.

You could build in some crypto to the shortcut (I have an idea for how to do that but I need to at least build a proof of concept first). Alternatively you could grab it from somewhere else that is secured.

e.g.

  • Call out to a Scriptable script, which can access Key Chain.
  • Call out to Drafts 5’s credential store via a Drafts action.

Hope that helps.


#3

I’ve made the CryptoKit shortcut to encrypt and decrypt passwords. It has two different modes, one with a master password and one without (the master password is just stored in the shortcut itself).

You can find it here: https://www.reddit.com/r/shortcuts/comments/9p2vix/cryptokit_a_cryptography_shortcut/?utm_source=share&utm_medium=ios_app


#4

Thanks, these all seem promising.