When you write a password with the Set Keychain Password to Text action, by default, Keyboard Maestro has access to the password whenever the login Keychain is unlocked. So you can lock the login Keychain, and then you would need to unlock it.
But you can also open the Keychain Access tool, find the password entry, and remove Keyboard Maestro Engine from having unrestricted access to the password. Then whenever Keyboard Maestro Engine wants to read the password, the system will ask for permission and you will have to enter the login password.
If you do this, and use a Password variable, so the variable is not stored anywhere, then the security should be relatively high. Keyboard Maestro would not have access to the password except after you typed your password in. And even if I expose running instances, I would not expose the value of a password variable.
I believe I now better understand your terminal command script to deliver an internet password. However, the difficulty I'm having is with a "Web form password". Reading through the man security command information, I don't see any reference or commands to display these passwords.
Does that suggest it is not possible to access or display these and thus requires the "My Goofy Keychain Password" (i.e. Generic duplicates) approach for use with Keyboard Maestro?
Your response is clear! However, the question is does it also work when the Keychain Accsss kind is Web form password? I have not been able to successfully obtain the password so far. Please show the terminal statement that you would recommend for the following Keychain item: