Is it possible to build actions for API based services which get the API‘s secrets stored in a Keychain or a 3rd party Password manager?

Hello Folks

As I mentioned in this topic - I have plans to build my own custom PlugIns - and some are API based like the Pushover PlugIn.

The Pushover PlugIn is a very good example of what I mean when it comes to security based on how the API Credentials are stored. Even though the fact that I use this PlugIn quite a long time now … it comes to my mind that the handling of how the API Key is stored inside the AppleScript Source of this action could be improved.

There are some other Services out there I am using or want to and I want to automate them using KM Macros with custom PlugIns when possible - but I want to know if a PlugIn can be written in a form that doesn’t have any API Credentials in it and is able to get any of the API Credentials from either the Keychains Application or any other Password Manager.

Also of interest is if it could be written to receive a Keyboard Maestro Password Variable where the Credentials could be stored and would not be accessible from others using KM‘s native Password actions or custom ones for a specific Password Manager like 1Password or Dashlane or Web-Confidential.

I want those Credentials to be safe from any point you can think of.

Greetings from Germany

Tobias (aka @Nr.5-need_input)

Nothing is completely bombproof, except an non-networked air-gapped computer inside a robust faraday cage...


You can get pretty tricky if you want to go to the trouble.