Best practice for using API keys or Environmental Variables in KM?

Hello,

I plan to use KM to interface with APIs of various services. Usually with Python. Most of the documentation provided for these services recommends that you store the passwords / API keys as environmental variables on your operating system, and then reference these.

This works fine if you execute a python script on its own, but I'd like to integrate my scripts into my macros.

As I'm using KM as the backbone of my system I'm running into issues with this:

  • Shell scripts executed in KM don't seem to be able to access the OS's environmental variables
  • I can just reference a KM variable which contains the key, but this is still storing the key/password as plain text (but within the KM macro).
  • I thought about reading a passworded file which contains the key and storing it to a local variable, but shell scripts don't seem to be able to access KM instance variables
    • Using a global variable might work, but I don't know how to dynamically lock and unlock a file, and there wouldn't be much point given I'd need to protect the password to this file, defeating the exercise.
  • Perhaps I could remotely command the script to execute from KM (without running it through an execute shell action), but I don't know how to capture the output.

What are the best practices for going about this?

Thank you!

I'll let others with more expertise in the passwords/API area answer your other questions, but the above isn't true: You can access local, instance, and global variables from shell scripts.

There are two gotchas to watch for: You need to check the drop-down next to the shell script box and make sure it's set to include variables. And you need to reference any variables with spaces in their names with underscores instead.

But with those caveats, you can do...

ls -al "$KMVAR_instance_MyFilePath"

...and it will work just fine. You can't write a Keyboard Maestro variable directly from the shell, but you can read one.

-rob.

2 Likes

Is that actually a problem? Who would be able to access that plain text, and how? Is that actually any less secure than the keys you've stored in environment variables?

I'm not being snippy -- only you know how your Mac is set up and who has access to it.

And if you're using a password manager, see if you can leverage that.

They should be able to (assuming you mean env variables you've exported and are available in eg a Terminal session). Make sure you are using the same shell, of course.

So if I do the following in Terminal:

echo 'export MY_ENV_TEST=12345' >> ~/.zshenv

...this is what I then get in KM:

1 Like

There is no such thing as the OS's environmental variables. What you likely mean is, the shell environment that Keyboard Maestro creates does not execute the login configuration scripts (like ~/.bash_profile or ~/.bashrc) which contain environment variable configurations.

Yes, not ideal. But the next question is - where exactly are those environment variables being stored? Because if they are stored in the ~/.bash_profile or ~/.bashrc, then they are already stored in plain text…

Note that it's not generally a great idea, but you can have your script actively read and process those files (eg source ~/.bash_profile). But if the environment variables are simply stored in one of those files, then you could just make a copy of that information in a file like ~/.mydata and source ~/.mydata.

Ideally, you store the password in the Keychain, which you can do with the Set Keychain Password to Text action, and then read it to a local variable (Set Variable to Keychain Password action) and then use that to set the environment variable.

2 Likes
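An added example, not code from any poster in this thread, of the Keychain approach from the Python side: the script takes the key from the variable the macro passed in, otherwise asks the macOS `security` command-line tool for the Keychain item, and never prints the key itself. The variable name `Local API Key` (seen by the script as `KMVAR_Local_API_Key`), the Keychain item name `example-api` and the account `me` are assumptions made for this example, and the Execute Shell Script action must be set to include variables.

```python
import os
import subprocess

# Hypothetical names for this example; use the ones from your own macro.
KM_VAR = "KMVAR_Local_API_Key"    # KM variable "Local API Key" as the script sees it
KEYCHAIN_SERVICE = "example-api"  # constructed Keychain item name
KEYCHAIN_ACCOUNT = "me"           # constructed Keychain account


class SecretNotFound(RuntimeError):
    pass


def read_keychain(service, account, run=subprocess.run):
    """Ask the macOS `security` tool for a generic password; None if unavailable."""
    try:
        proc = run(
            ["security", "find-generic-password", "-s", service, "-a", account, "-w"],
            capture_output=True, text=True, timeout=10,
        )
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return None  # not macOS, or the Keychain prompt was never answered
    if proc.returncode != 0:
        return None  # item missing or access denied
    return proc.stdout.rstrip("\n") or None


def get_api_key(env=os.environ, run=subprocess.run):
    """Prefer the value the macro passed in, then fall back to the Keychain."""
    key = env.get(KM_VAR) or read_keychain(KEYCHAIN_SERVICE, KEYCHAIN_ACCOUNT, run)
    if not key:
        raise SecretNotFound(f"no key in ${KM_VAR} or Keychain item {KEYCHAIN_SERVICE!r}")
    return key


def redact(secret):
    """Form that is safe to print, since script output goes back to the macro."""
    return f"<redacted, {len(secret)} chars>"


if __name__ == "__main__":
    try:
        print("API key loaded:", redact(get_api_key()))
    except SecretNotFound as exc:
        raise SystemExit(f"error: {exc}")
```
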

Thank you all for clearing up some misconceptions I had and helping me figure this out!

1 Like