A reliable solution is using an encryption/decryption routine.
You have to pre-encrypt the data, so the application has only to decrypt it.
I use jobu’s subroutine from this thread,
Step 1: generate the key
the script generates a list of 3 random strings with each 25 characters,
the literal list will copied to the clipboard
property characterList : "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
set cryptKey to "{"
repeat 3 times
set x to ""
repeat 25 times
set x to x & some item of characterList
end repeat
set cryptKey to cryptKey & quote & x & "\", "
end repeat
set the clipboard to text 1 thru -3 of cryptKey & "}"
Step 2: encrypt username and password
paste the list on the clipboard into the property line, it must look like
property cryptKey : {"ItaY6C3jq7m7wCLrWuS9diYAy", "63S5x8NYiJ5SNmhUJoqj7PfAH", "oNXkmvqplvVthTJ0WCNhTFYf5"}
set user_name to "myUserName"
set pass_word to "mypassword"
set encryptedUsername to (eS(user_name, gK(), "e")) --> save value
set encryptedPassword to (eS(pass_word, gK(), "e")) --> save value
property cryptKey : {} -- paste list here
to eS(inS, inK, inM)
(* 'Encrypt String':
This handler uses the blowfish encryption available in openssl.
The handler is configured to accept the string to be encrypted, the key to use
(generated by the 'gK()' handler below), and the mode to pass to the openssl
call... either encrypt("e") or decrypt("d"). *)
return do shell script ("echo " & (quoted form of inS) & " | openssl enc -bf -" & inM & " -pass pass:" & (quoted form of inK) & " -salt -a")
end eS
to gK()
(* 'Get Key':
This handler assembles a password(encryption key) to use with the blowfish script
This is done to better hide the key in the script, so people reading through a
compiled, run-only script will have a difficult time determining what the key is. *)
return ((characters 8 through 13 of (item 2 of cryptKey)) & (characters 2 through 6 of (item 3 of cryptKey)) & (characters 19 through 23 of (item 1 of cryptKey))) as string
end gK
Note: you can change the numbers x through y
Step 3: decrypt username and password in your final script
the script uses the same routines eS() and gK() with the generated (pasted) keylist.
It must included in the final script
set user_name to (eS(encryptedUsername, gK(), "d"))
set pass_word to (eS(encryptedPassword, gK(), "d"))
property cryptKey : {} -- pasted list
to eS(inS, inK, inM)
(* 'Encrypt String':
.