1Password for Fluid with Keyboard Maestro

Introduction 1:

This post shows you what the title promises.

Introduction 2:

You now what… way too often I’m really overtired. I wake up at 3 am in the morning for no reason¹ for the 3 days straight getting only 3 hours of sleep. Let this sentence resonate through your cochlea… because it’s an awfully sleek transition to our topic (well… not really).

Lately I’m kicking into high gear and plow through Brett Terpstra’s and fellow Dropshare² (beta tester/) user Christina Warren’s brillant new podcast Overtired. To be precise, episode 7 is my target today since Christina brought-up Choosy. For me it’s a key-player on my system and I wouldn’t want to miss it.

But one thing after another.

Why To Use Fluid For Certain Web Apps?

Fluid can make any web apps look and feel more like a native app. You can setup your Gmail account and access it as an app.

It’s a free app, but for $4.99 you can unlock these four features:

1. Create Fluid Apps with Separate Cookie Storage. (Preferences → Security → Cookie Storage)
   • This is my favorite feature since your Fluid.app now doesn’t care anymore when you clean out Safari’s cache. It saves your login data and what-nut. You’ll explicitly have to select this option in your newly generated Fluid app and then restart it again.
2. Pin Fluid Apps to the Mac OS X Status Bar. (Fluid App Menu → Pin to Status Bar…)
   • I don’t use this feature, but if opening apps with a click on the menubar is your thing, you gonna love this.
3. Use Userscripts or Userstyles in your Fluid Apps. (Window → Userscripts)
   • This is really cool if you what to pimp out Gmail with no-ads scripts and the other things that float around on Userscripts.org & Co.
4. Use Lion Full Screen mode in your Fluid Apps. (View → Enter Full Screen)
   • I’m not a big fan of the full screen mode in general. If I could I would deactivate it completely.

Fluid is cool, because when browsing with Safari, Chrome and the rest of the hord you constantly have to worry if your’re logged out of Facebook and Co.

With Fluid, not anymore. Every time another website/web app tries to access your Facebook login data it comes home empty handed, because you’re a smart cookie and keep things separate (see feature number 1).

This is also cool for online banking. It’s the only way I do such sensitive transaction tasks on my Mac since this way, my bank account is completely sealed off from all the nonsense that is stored in the browser (I’m looking at you devilish cookies… and you, filthy cache). In short: it’s a security plus point.

The 1Password-less Fluid App

Well, now you’re using Fluid, feeling great and all… until you discover that there is no 1Password extension for Fluid. What a bummer. Luckily, as any good Mac user, you have Keyboard Maestro installed on your Mac.

Storing your password securely:

If you never have used Keyboard Maestro’s in conjunction with the Max OS X keychain to store passwords, let me walk your through this process.

(1) Open the Macro Library.

(2) Scroll to the library until you find and entry named “Secure Passwords” and click insert in the bottom left of the screen.

(3) In your groups section you will find a new folder named “Secure Passwords”.

Adjust the first macro until it looks like this:

I added another variable in the prompt so that you can set the keychain name without it defaulting to “examplepass”. In addition, I deleted the keychain name variable (just to keep my library of variables cleaner).

To start the macro, trigger it in Keyboard Maestro’s menu:

… or hit ⌘A to select all actions of the macro and click on “Try” at the bottom.

Now enter your password for the banking website (from 1Password, because surely you use this awesome app).

Next enter the keychain name. I suggest to keep it simple and rememberable (in this example I used “finanzblick”).

Note: If at some point in time you forgot the assigned keychain name you can always go on the hunt for it in the Mac OS X (/Applications/Utilities/)Keychain Access.app.

Retrieving the password to log into an app:

Create a new group in Keyboard Maestro with the name of your Fluid app. Don’t forget to check in the group settings that the macros will only be available in this one app.

This way you can create the macro and assign the same shortcut as the one you use for your 1Password “Fill Login on current web page”. If you set up everything correctly it won’t interfere with 1Password.

Depending on the layout of the website we’re dealing with you need to get more or less tricky with Keyboard Maestro’s UI-scripting capabilities.

The website I want to log into is super simple.

It’s also quite nice that the carrot is automatically positioned on the username field, because that’s the first field we want to auto-populate with our login macro.

I use ⌘§ for the macro:

1. In the first action insert the name of the keychain entry you created (“finanzblick”).
2. Since the cursors is already position in the username field, let Keyboard Maestro type out your username with an “Insert Text” action.
3. To get to the next field - the password field - insert the “Type a Keystroke” action and assign the TAB key to it.
4. Now it’s time to retrieve the stored password. You can do this with the %Password% variable. I went with a “Insert text by typing” action again because some ‘super-secure’ websites prohibit pasting passwords… those ones also don’t work with 1Password.
5. Oddly enough I can’t use the TAB trick again to proceed to the login button. So I made a screen shot of the button and used the “Move or Click Mouse” action.³

Pro tip: If your carrot isn’t positioned right from the beginning at the username filed, you can repeat step 5 for this form field.

Bonus: No Pasting Allowed

If you want to use this technique in a browser on website who don’t allow pasting passwords, there are a couple of workarounds.

(1) You can write a macro like this:

… and assign a special hotkey to it just for that one site.

(2) You could even get trickier by assigning a script trigger which looks for a specific page title in your browser. This feels too CPU-intensive for my taste, but here’s a link Vítor Galvão’s AppleScripts to get the frontmost tab’s title, just in case you want to try it (or have another use-case at hand).

(3) You could copy the password via 1Password and use this sophisticated trick by Gabe Weatherhead. I opt for this solution. It’s simple and get’s the job done, plus it’s a super handy macro to have around.

Bonus Points: Use Choosy

Now we arrive at a full circle: Choosy. The app which the whole Overtired crew and I like to endorse because it’s plain aweseom.

For $12 you can buy an app which prevents you from accidentally opening your banking site in the browser. But Choosy has a few more tricks up his sleeve…

Forget the default browser, Choosy opens links in the right browser. When you click on a link Choosy will do the right thing, whether that’s something simple (like using whatever browser is already running) or something complex (like prompting you to pick a browser, but only when you hold down the shift key and click on a link to google.com).

You will find the main reason why I bought Choosy when you open its settings panel and navigate to the “Advanced” tab. Here you can go mad and add custom behavior rules like this: