Keyboard Maestro Engine Keychain Access Control

I stored a password in Keychain and I would like to access it via KM engine.
Somehow in my old Intel Mac (Big Sur) I managed to add it to the list of apps having the access to it (see below), but not on my new Mac M1 (Monterey 12.2.1). While in keychain I cannot open the Keyboard maestro app container to get to KME and with only KM having access I cannot get to the password stored in Keychain...

Any solution?
Thank you in advance,


This is probably beyond what I can help with, but let me point out that when a window is open for browsing to select a file, you can right click on the app "Keyboard Maestro" and a menu item called "Show Package Contents" will be selectable which allows you to see and select the KM Engine (under Contents / macOS.)

I use Keyboard Maestro to access keychain passwords but I don't think I have ever had to give permission for each password. I am sure it was just a permissions thing that popped up the first time I ran a keychain Macro.

But I had a look at an individual password in the same dialog you are showing and it looks like this:


So, you are right that it is the KM Engine that needs the permissions. But like I said, I've been using this feature fine without ever seeing that dialog before. (And I'm also on new Mac M1 Monterey 12.2.1)


I agree, now the question is how to get KME in that box...

I know, but not in keychain unfortunately:

Well, I see your point, but there is a "Show in Finder" and if you select that, then you should be able to "Show Package Contents" from which you can find the Engine, and I'd give that a try. I'm not sure if it will work, but it might.

But if that doesn't work, you have to listen to Zabobon who is one of the real wizards on this site, not a wanna-be like me.

not possible to add that way, already tried.
Thank you for your input.

Have you tried saving a new test password to the Keychain using Keyboard Maestro Actions and then retrieving that same Keychain entry also using Keyboard Maestro Actions?

When I do this it just works and the permissions are set automatically. I'm wondering if the first time you do it some kind of permissions thing might pop up to allow you to give permission for Keyboard Maestro and after that initial run it works?

In case it helps, here is an Example Macro that does the simple thing of asking you to save a new password and then retrieves that password from Keychain. Even it it fails it might give some clues with an error message. Here is the Macro:

EXAMPLE Keychain Password Save and Show.kmmacros (18.9 KB)

Click to Show Image of Macro

EXAMPLE Keychain Password Save and Show

And here's what the Macro should be able to do:

Screen Recording 2022-03-09 at 10.32.22-Animated GIFF 640 12fps

And when I save by this method the Keychain password has automatically given permission to Keyboard Maestro Engine:



Thank you very much.
I tried on my old system and it works, in case I will just use it to create the password(s) that I need to access via KME - I'll try it on my M1 tonight.

Frustrating nonetheless to be unable to add an app in a package.
Thinking about it, I tried something else:

  1. Dragged a copy of KME from the package to Applications
  2. Created a new password
  3. Added KME, autenticated, and it was listed!
    I moved KME to bin and emptied the bin and still KME was in the list of applications with access.

Convoluted, but seems to work at least on this machine. Will test tonight on M1.

One quirk I have found with Keyboard Maestro saving passwords in Keychain. Although I have iCloud Keychain Syncing turned on and I have Keyboard Maestro Macro syncing turned on - the Passwords made by Keyboard Maestro are only on the machine that created them, i.e. stored locally not in the iCloud Keychain.

So, I have found I have had to recreate the passwords on each machine. Once they are created the same Keyboard Maestro Macro can access them on the different machines as long as the name the Keychain Item is exactly the same on each machine.

I have since found that this is a known issue i.e. Keyboard Maestro does not work with iCloud Keychain.

On another note, as well as working with the Keychain, Keyboard Maestro can also work with the app 1Password. You can use Keyboard Maestro to assign a shortcut to open a 1Password Item to either just view it, or to open the webpage it is associated with. What is good about this is that 1Password needs to be in unlocked mode before opening the item. If it is locked, it will prompt you to unlock.

A good example is if I want to fill in passport details. My Keyboard Maestro Palette has a Macro called Passport. When I click on it, it opens the 1Password sheet that has all my passport details. The setting in the Keyboard Maestro Acton is "View" opens the sheet so you can view it and copy items, "Open Default" uses Safari to take you to the web page associated with the sheet and auto-fills in the details.


For this to work at all you give Keyboard Maestro the dreaded permissions, in 1Password's Preferences>Advanced:


I know this is a digression and you might not even have 1Password but I find the combination of Keychain for the irritating little daily passwords and 1Password for the more complex works really well.

In terms of security, the Keychain items are available to Keyboard Maestro as long as I am logged in so, it's not as secure as 1Password.

So, in one Palette I might have both a Keychain item and a 1Password item:



Thank you for you advice!
1Password is an excellent option, that I have been using since its first version.
The issues as you rightfully say are the "dreaded permissions" - it would be grand if 1Password could give access by vault instead of globally, something to bring up with AgileBits.

As I am just accessing a few passwords I do not care about keychain synch.

Using your macro I can add a password to the keychain and it is read, however I cannot access it afterward to put it in a variable - even if KME has the rights to access it - weird...

Are you saying that the Example Macro does create a new password in Keychain and does retrieve and display the newly created password, but at a later date you cannot access that password using another Macro?

In other words, if you had made a Keychain item named "Test" that at a later time, an Action like the below would not retrieve it?

That is correct.
The item is created and correctly displayed
But it is not possible to retrieve it afterward...

Very strange. All the Example Macro is doing is creating and then retrieving the password to a local Variable, which it then displays. The same Action to retrieve it should work whether it is in the Example Macro or a new Macro.

Could you upload a screenshot of the Action you are using to retrieve the password? I'm assuming it is identical to the image I posted above?

And a few thoughts (some obvious, but who knows...)

  1. That local Variable in my Example Macro will empty itself when the Macro finishes - I'm assuming you don't expect that local Variable to persist?

  2. Are you logged in as the same user as when you created the Keychain Item?

  3. And the Keychain is not set to lock after a certain time?


In reply to your answers:
1-not expecting that

I call on the variable like this:

And it works like a charm on my old machine...


This is the bit that doesn't make sense to me. If it is correctly displayed once (which it wouldn't be if Keyboard Maestro couldn't read the Keychain file) I can't see why it wouldn't be displayed correctly again if you are using the exactly the same Action to retrieve it.

And the bit that is blurred out in the Account box at the bottom of your Screenshot is written exactly: %UserLoginID% ?

And it seems that password names take account of capital letters. I have found that test will not call up a password named Test

Thank you for your feedback.
Under account I put the UserLoginID for my account (all in minuscule) and the password title is all in capital, so no surprises. And again it works on my old computer as such.

But, I tried to put %UserLoginID% instead of my login name, and it works!
So I tried again with the UserLoginID for my account and it works!!

I did not follow the advice of Zen and the Art of Motorcycle Maintenance (do not change two things at the same time): when I could not access the keychain item, at some point i put "%" around my UserLoginID to see if that was the problem (NOT), and once created the password allowing KME the access with your macro the username was not working.

Senior moment...

Thank you a lot for your help!!!



It would still be good to find a way to add directly in keychain an access to KME...

1 Like

Funnily enough I just did it using the token %UserLoginID% because that is how it shows it in the Keyboard Maestro Wiki examples. But it's a robust way to use the Actions as it means they will work no matter what the user name is. When you first set up a new Mac it is very easy to end up with a slightly different user name than you thought.

You can also use the same Token like below, to find out exactly what your login name is:

Depending how many passwords you want Keyboard Maestro to be able to have access to, it's very quick to use the Example Macro I gave you to just set them up. That's what I did. I think I only have about five items that I want available through a Keyboard Maestro Palette. Just keep a note of the exact names you give the passwords so that Keyboard Maestro can retrieve them at a future date. (Of course the best way to keep that list of names is to automate the list creation with Keyboard Maestro :rofl:)