Store secret in Mac OSX keychain

Author: caalberts

README.md

@@ -56,7 +56,8 @@ export LAZY_CONNECT_TOTP_QUERY=<name of the issuer>
 
 ### Warning
 
-- The secret key to generate TOTP is stored as plain text in `~/.config/lazy-connect/secret`
+- The secret key to generate TOTP is stored in Keychain on Mac under default `login` keychain. You may need to
+  enter your login password to allow access to Keychain.
 - You need to add your Termainal emulator app that invokes the function to `Security & Privacy -> Accessibility`. It is
   necesssary because the script interacts with the UI. There are other ways via CLI to avoid UI interaction but
   they are all broken in OS X 10.12+.

lazy-connect.sh

@@ -11,7 +11,9 @@ function _lazy_connect_init() {
     echo -n "Secret Key: "
     read -s secret_key
     echo "**********"
-    echo $secret_key >$_lazy_connect_config_dir/secret
+
+    echo 'Storing secret in keychain.'
+    security add-generic-password -a lazy-connect -p "$secret_key" -s lazy-connect
     ;;
   esac
   _lazy_connect_vpn_refresh
@@ -171,7 +173,13 @@ function lazy-connect() {
     esac
   done
 
-  secret=$(cat $_lazy_connect_config_dir/secret)
+  local secret=$(security find-generic-password -a lazy-connect -w 2> /dev/null | tr -d '\n')
+  if [ -z "$secret" ];
+  then
+    echo "Secret not found in keychain. Initialize lazy-connect and try again."
+    return 1
+  fi
+
   vpn_name=$(cat $_lazy_connect_config_dir/vpns \
     | fzf --height=10 --ansi --reverse --query "$*" --select-1)
   [ -z "$vpn_name" ] || _lazy_connect "$vpn_name" "$secret"