LinuxCommandLibrary

apw

CLI for Apple Passwords on macOS

TLDR

Start the background daemon
$ apw start
copy
Authenticate with the daemon
$ apw auth
copy
Interactively search passwords
$ apw pw
copy
List passwords for a domain in JSON
$ apw pw list [domain.com]
copy
Interactively search OTP tokens
$ apw otp
copy
List OTP secrets for a domain in JSON
$ apw otp list [domain.com]
copy

SYNOPSIS

apw command [options]

DESCRIPTION

apw (Apple Passwords) is a command-line interface for accessing Apple Passwords (formerly iCloud Keychain) on macOS. It provides shell access to iCloud-synced login credentials and OTP secrets without opening System Settings. The tool uses a daemon-based architecture where a background process communicates with macOS's built-in Passwords helper tool.
Authentication uses native macOS prompts (Touch ID or password dialog), so credentials are never exposed insecurely. The list subcommands output JSON for scripting and automation.

PARAMETERS

start

Start the background daemon
auth
Authenticate the CLI with the daemon
pw
Interactively list and search passwords
pw list [domain]
List passwords in JSON format, optionally filtered by domain
otp
Interactively list and search OTP tokens
otp list [domain]
List OTP secrets in JSON format, optionally filtered by domain
-h, --help
Display help information
-V, --version
Show version number

CAVEATS

Requires macOS 14 (Sonoma) or later. The daemon must be running and authenticated before querying. Authentication is required after each system restart.

HISTORY

apw was created by Ben Dews (bendews), written in TypeScript with Deno and compiled to a static binary. It is licensed under GPL-3.0 and first released in March 2024.

SEE ALSO

pass(1), security(1), keychain(1)

> TERMINAL_GEAR

Curated for the Linux community

Copied to clipboard