Off-site backup of “login.keychain”

Solution 1:

1Password is a product that may interest you. Seems to tick all the boxes in terms of speed, off-site and secure storage. Plus it allows you to use it on all your devices too (iPhone, iPad etc).

Solution 2:

I did end up using an encrypted volume and Dropbox. The following is a step-by-step guide (this assumes that Dropbox is already installed):

  1. Create an encrypted volume in Disk Utility.app, and save the image file in your Dropbox folder.

    1. Open the “Disk Utility” application.
    2. Add a new disk image:

      [Screenshot: Before adding a new image]

    3. Save the file as “Keychain” (extension will be added automatically) in your Dropbox folder and enter the following information:

      [Screenshot: Information of the volume]

    4. After pressing “Create”, you will be asked to provide a password:

      [Screenshot: Choosing a password]

  2. Add the volume file to your login items so that the image is automatically mounted on login.

    1. Open your System Preferences, go to Account preferences.
    2. Go to the “Login Items” tab.
    3. Drag and drop your Keychain.sparseimage file from the Dropbox folder into the Login Items list:

      [Screenshot: Adding a login item]

  3. Create a launch agent which watches for changes in the keychain and copies it into the encrypted volume.

    1. Open a terminal (e.g. Terminal.app).
    2. Change into the launch agents path: cd ~/Library/LaunchAgents/
    3. Create a text file in that folder (e.g. using vim), name the file net.madrat.utils.keychain-sync.plist and paste the following content into the text file:

      <?xml version="1.0" encoding="UTF-8"?>
      <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
      <plist version="1.0">
      <dict>
          <!-- Must match the file name (minus .plist). -->
          <key>Label</key>
          <string>net.madrat.utils.keychain-sync</string>
          <!-- Legacy key (superseded by KeepAlive); true is the default, kept here for compatibility. -->
          <key>OnDemand</key>
          <true/>
          <!-- The job: copy the keychain into the mounted encrypted volume.
               cp fails if /Volumes/Keychain/ is absent, i.e. the image is not mounted.
               On macOS 10.12 and later the file is named login.keychain-db instead. -->
          <key>ProgramArguments</key>
          <array>
              <string>/bin/cp</string>
              <string>/Users/USERNAME/Library/Keychains/login.keychain</string>
              <string>/Volumes/Keychain/</string>
          </array>
          <!-- Do not copy on load; the first copy happens on the first change or after 1800 s. -->
          <key>RunAtLoad</key>
          <false/>
          <!-- Periodic copy every 30 minutes, in addition to the change-triggered one below. -->
          <key>StartInterval</key>
          <integer>1800</integer>
          <!-- Only honoured for system-domain daemons; harmless in a per-user agent. -->
          <key>UserName</key>
          <string>USERNAME</string>
          <!-- Run the job whenever the keychain file is modified. -->
          <key>WatchPaths</key>
          <array>
              <string>/Users/USERNAME/Library/Keychains/login.keychain</string>
          </array>
      </dict>
      </plist>
      

      (Replace all occurrences of USERNAME by your login user name.)

      Important: The file name of this file must correspond to the Label string, plus the .plist extension. If you change either you must also change the other.

  4. Activate and test the launch agent.

    1. In the terminal, execute launchctl load net.madrat.utils.keychain-sync.plist. The launch agent is now active.

    2. Test the agent by adding a new key to your keychain, and observe that Dropbox updates the Keychain.sparseimage file.
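The agent above runs a bare /bin/cp, which does the wrong thing when the encrypted volume is not mounted (without the trailing slash it would even create a plain-text copy named /Volumes/Keychain) and can let Dropbox sync an image that holds a half-written keychain. The following script is an added example, not part of the original answer, that a launch agent could call instead of /bin/cp: it refuses to copy unless the destination directory exists, copies to a temporary name and renames atomically, and verifies the copy's checksum. The script name keychain-sync.sh and the ensure_mounted helper are assumptions; hdiutil is Apple's tool, so that helper only does anything on macOS.

```shell
#!/bin/sh
# keychain-sync.sh (hypothetical name): safe copy of login.keychain into the
# mounted encrypted volume. Added example, not code from the original answer.
set -u

# Copy SRC into DEST_DIR atomically and verify the result.
# Return codes: 0 ok, 1 SRC unreadable, 2 DEST_DIR not a directory (volume not
# mounted), 3 copy or verification failed.
sync_keychain() {
    src=$1
    dest_dir=$2

    [ -r "$src" ] || { echo "source $src not readable" >&2; return 1; }

    # If the image is not mounted, /Volumes/Keychain does not exist. Refuse to
    # copy rather than let cp create a regular (unencrypted) file elsewhere.
    [ -d "$dest_dir" ] || { echo "$dest_dir is not mounted" >&2; return 2; }

    base=$(basename "$src")
    tmp="$dest_dir/.$base.tmp.$$"

    # Copy under a temporary name first; the final rename is atomic within the
    # volume, so the image never contains a truncated keychain when it syncs.
    cp "$src" "$tmp" || { rm -f "$tmp"; return 3; }
    chmod 600 "$tmp"

    # cksum is POSIX and reads stdin here, so the output is "crc size" only.
    src_sum=$(cksum < "$src")
    tmp_sum=$(cksum < "$tmp")
    if [ "$src_sum" != "$tmp_sum" ]; then
        rm -f "$tmp"
        echo "checksum mismatch after copy" >&2
        return 3
    fi
    mv -f "$tmp" "$dest_dir/$base"
}

# Mount IMAGE at its volume if MOUNTPOINT is missing (macOS only: uses hdiutil).
# With the image password saved in the keychain, attach needs no extra input.
ensure_mounted() {
    image=$1
    mountpoint=$2
    [ -d "$mountpoint" ] && return 0
    command -v hdiutil >/dev/null 2>&1 || return 1
    hdiutil attach -quiet "$image"
}

# When invoked with arguments: SRC DEST_DIR [IMAGE]. Sourcing or running the
# file without arguments only defines the functions.
if [ $# -ge 2 ]; then
    if [ $# -ge 3 ]; then
        ensure_mounted "$3" "$2" || { echo "could not mount $3" >&2; exit 2; }
    fi
    sync_keychain "$1" "$2"
    exit $?
fi
```

To use it from the launch agent, replace the three ProgramArguments strings with /bin/sh, the script's path, /Users/USERNAME/Library/Keychains/login.keychain, /Volumes/Keychain and, optionally, /Users/USERNAME/Dropbox/Keychain.sparseimage; launchd records the script's exit code, so a failed sync (volume not mounted, checksum mismatch) is visible in the system log rather than silently producing nothing.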