cd /news/developer-tools/icloud-keychain-apple-passwords-supp… · home topics developer-tools article
[ARTICLE · art-64617] src=github.com ↗ pub= topic=developer-tools verified=true sentiment=· neutral

iCloud Keychain (Apple Passwords) Support for Linux

A new open-source tool called iCloud Keychain for Linux lets users access their Apple passwords on Linux machines without a Mac. The project, built with AI assistance, downloads passwords into an encrypted local store and provides a browser extension for autofill, though it remains untested with Advanced Data Protection enabled.

read4 min views3 publishedJul 18, 2026
iCloud Keychain (Apple Passwords) Support for Linux
Image: source

Use your iCloud Keychain passwords on Linux - no Mac required. Sign in with your Apple ID and icp

registers this computer as one of your Apple devices, then downloads your passwords into a private, encrypted store on your machine. A browser extension fills them in for you, just like the Passwords app on a Mac or iPhone. Your Hide My Email addresses show up too.

Note:Most of this project was written with AI assistance (and reviewed by a human). It works with my own Apple account, but that's no guarantee it will work with yours. Your passwords never leave your computer, and nothing is ever changed in your Apple account -icp

only reads.

This is also

untestedwith Advanced Data Protection enabled. Any help with this will be appreciated - let me know if you have any issues with ADP enabled (also lmk if it works). Please don't spam escrow attempts!

An anisette server running on your machine. Apple's sign-in needs a small piece of data that only Apple's own software can produce; the anisette server provides it locally. Start one with Docker (or Podman) - it keeps running in the background:

docker run -d --restart=always -p 6969:6969 dadoum/anisette-v3-server:latest

You only have to do this once. (If you run it somewhere other than the default http://localhost:6969

, set ICP_ANISETTE_URL

to its address.)

You will also need this repo. Clone it / download it as you wish.

From the project folder:

python3 -m venv .venv && .venv/bin/pip install -e .
source .venv/bin/activate
icp login

This will walk you through the login: enter your Apple ID, password, and the 2FA code Apple sends to your other devices. icp

then asks for a device passcode or iCloud Security Code so it can join your keychain.

  • You're only asked for your password and 2FA code once.icp

should stay signed in for a year after this. - The passcode step is important and can't be undone: entering the wrong passcode too many times (about 10) will permanently lock your keychain recovery. One correct entry is perfectly safe. - Your 2FA code and passcode are used immediately and never saved. Your password is kept** encrypted on your computer**(in your login keyring) soicp

can stay signed in without asking you again - it never leaves your machine. Your access tokens and passwords are stored the same way.

icp show

Opens a full-screen list - start typing to filter, Enter to reveal a password, Esc to quit. Add a word to search directly, or --plain

for plain text:

icp show github

The extension/

folder works in Chromium based browsers and Firefox.

Open your browser's extensions page (e.g.

chrome://extensions

,helium://extensions

) and turn onDeveloper mode. - Click

Load unpacked and choose theextension/

folder. Copy theExtension ID it shows. - Connect the extension to

icp

by running:

host/install.sh <EXTENSION_ID>

Reload the extension. Click its toolbar icon - you'll see the logins for the current site.

Open

about:debugging#/runtime/this-firefox

, clickLoad Temporary Add-on..., and chooseextension/manifest.json

. (Firefox removes temporary add-ons when it restarts, so you'll need to re-load it after restarting.) - Connect it to

icp

:

host/install.sh

Click the toolbar icon to see logins for the current site.

If you ever move this project to a different folder, just run host/install.sh

again.

  • On a sign-in page, click the username or password box - an iCloud Passwords dropdown appears with matching logins. Click one to fill it in (it handles email-first pages like Google too). - Start typing to narrow the list.
  • Or click the extension's toolbar icon and pick a login there.

Your passwords are a snapshot, so new or changed ones need a refresh. This happens automatically in the background whenever the snapshot is more than 6 hours old - you don't have to do anything. To refresh right now:

icp sync
login    sign in, join your iCloud Keychain, and download your passwords
show     browse and search your passwords and Hide My Email addresses
sync     refresh your passwords now
logout   sign out (use --wipe-device to also forget this device)

The GrandSlam sign-in flow is adapted from JJTech's reference. The keychain decryption, Octagon trust join, and CloudKit transport follow OpenBubbles/rustpush, cross-checked against Apple's open-source Security code. Hide My Email is ported from dedoussis's browser extension. Machine data is provided by the SideStore ecosystem's anisette-v3-server

. See RESEARCH.md

for how it all works.

── more in #developer-tools 4 stories · sorted by recency
── more on @apple 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/icloud-keychain-appl…] indexed:0 read:4min 2026-07-18 ·