KeyChain Security command line tool works with find-internet-passwords but not find-generic-passwords

Question

Looking into using the command line tool for KeyChain. I am able to do a lot of the things through security; listing my multiple keychains, dumping them and setting defaults. Reading through tutorials and other postings I expect to find my passwords with

security find-generic-password test

But I get

security: SecKeychainSearchCopyNext: The specified item could not be found in the keychain.

This won't work in my default keychain or login.keychain. However, I am able to find my passwords listed as 'internet' with find-internet-password command. Can anyone explain why or what I am doing wrong? Sites I've been reading is the man page and http://blog.macromates.com/2006/keychain-access-from-shell/,

Answer 1

A more accurate and up to date answer would be to use -w instead of -g if you only need password. I've seen people using -g and parsing output using awk/perl to get the password field, which is not needed (anymore). All you need to do is:

security find-generic-password -a foo -s bar -w

You may use find-internet-password instead of find-generic-password command depending on where your password is stored in keychain.

Answer 2

Generic passwords are identified by their Service and Account attributes. For example, to search for a password for account "bar" of the "foo" service, use

security find-generic-password -a foo -s bar -g

The -g option displays the value of the password at the end of the output.

The combination of service and account is guaranteed to uniquely identify a particular password. Other queries (comment, label, etc.) are possible, but they may match multiple passwords. find-generic-password displays only the first single matching item, which limits its usefulness for such queries.