An AppleScript to batch update Keychain passwords

Sep 21, '05 08:53:00AM

Contributed by: my_breath_smells

I use my personal PowerBook at work and have accumulated many Keychain entries for network shares, email and VPN access. Company policy is that passwords must be changed every 30 days, so once a month, I have to go through my login keychain (in Keychain Access) and update every keychain entry to use the new password.

Updating 100+ passwords manually finally became too tedious, so I've AppleScripted a solution. As Keychain Access is not a scriptable application, this solution uses UI Scripting, and "Enable access for assistive devices" must be enabled in the Universal Access System Preferences panel.

The script prompts the user for the old password to replace and the new replacement password, and then proceeds to open every keychain item and will require user assistance to show the associated password. If you know a specific keychain item is not applicable, you can choose "Deny" and the script will continue. Otherwise, you will need to enter the password for your login keychain and then "Allow Once," or "Allow Always" if you want the password immediately accessible in the future. (It would be really nice if there were a sudo-like timeout so that you could enter your login password once in a session (or once for five minutes) and edit all that keychain's items.)

Only matching passwords will be modified.

[robg adds: I haven't tested this one...]

Mac OS X Hints
http://hints.macworld.com/article.php?story=20050916132720630