Using keychain on Mac OS X

I use keychain to manage my SSH keys on every system. This means I don’t use SSHKeychain, and I don’t use launchd as an ssh-agent front end. Unfortunately, this makes it impossible for graphical Mac OS X apps to use keychain: the SSH_AUTH_SOCK environment variable is set only when your shell starts up, whereas graphical apps take their custom environment variables from ${HOME}/.MacOSX/environment.plist. To get around this, add the following, or something similar, to your shell startup file just after the point where it reads the keychain script.

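# load SSH_AUTH_SOCK (and SSH_AGENT_PID) as written out by keychain
source ~/.keychain/${HOSTNAME}-sh

# to allow p4v to use keychain instead of launchd
# (this overwrites the whole file, so any other variables in it are lost)
mkdir -p ~/.MacOSX
cat <<EOT > ~/.MacOSX/environment.plist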
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>SSH_AUTH_SOCK</key>
	<string>$SSH_AUTH_SOCK</string>
</dict>
</plist>
EOT

The one limitation is that you must start your Terminal before launching anything that uses keychain, but since I start Terminal as soon as I log in, that’s not a problem.
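A more defensive version of the same step, as an added example that is not part of the original post: it XML-escapes the socket path, refuses to write a path that is not an existing socket (so a stale value never replaces a good file), and creates the plist readable only by its owner. The function names are hypothetical and not part of keychain.

```shell
# Added example: hardened writer for ~/.MacOSX/environment.plist.
# Function names are hypothetical; they are not part of keychain.

# Escape the characters that are special in XML text.
xml_escape() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
}

# Print a plist holding a single SSH_AUTH_SOCK entry for the given path.
render_env_plist() {
    cat <<EOT
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>SSH_AUTH_SOCK</key>
	<string>$(xml_escape "$1")</string>
</dict>
</plist>
EOT
}

# Write the plist only if SSH_AUTH_SOCK names an existing socket file.
# Otherwise return 1 and leave any existing plist untouched.
write_env_plist() {
    dir="${HOME}/.MacOSX"
    if [ -z "${SSH_AUTH_SOCK:-}" ] || [ ! -S "$SSH_AUTH_SOCK" ]; then
        echo "SSH_AUTH_SOCK is not a socket; plist not updated" >&2
        return 1
    fi
    mkdir -p "$dir" || return 1
    tmp="$dir/environment.plist.$$"
    # The subshell keeps the tightened umask local; mv swaps the file in
    # atomically so a reader never sees a half-written plist.
    ( umask 077 && render_env_plist "$SSH_AUTH_SOCK" > "$tmp" ) &&
        mv -f "$tmp" "$dir/environment.plist" ||
        { rm -f "$tmp"; return 1; }
}

# Usage: call write_env_plist right after sourcing the keychain script.
```

The `-S` test only confirms that the path is a socket file, not that an agent is still answering on it.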