Chromium and macOS Environment Variables

Trying Chromium in macOS Mojave (10.14), I confronted with the popular issue regarding Google API key missing. After obtaining an API key along with client ID and secret, I put it on some shell startup scripts as following.

export GOOGLE_API_KEY="your_google_api_key"
export GOOGLE_DEFAULT_CLIENT_ID="your_client_id"
export GOOGLE_DEFAULT_CLIENT_SECRET="your_client_secret"

Even more careful, I also use launchctl setenv to ensure these variables are available for macOS GUI applications (usually launched via Finder, Dock, Spotlight or so).

[[ -x /bin/launchctl ]] && /bin/launchctl setenv GOOGLE_API_KEY $GOOGLE_API_KEY
[[ -x /bin/launchctl ]] && /bin/launchctl setenv GOOGLE_DEFAULT_CLIENT_ID $GOOGLE_DEFAULT_CLIENT_ID
[[ -x /bin/launchctl ]] && /bin/launchctl setenv GOOGLE_DEFAULT_CLIENT_SECRET $GOOGLE_DEFAULT_CLIENT_SECRET

Sadly, it didn’t work under Mojave. When launching Chrome from Finder or Dock, the warning is still there. It seems Apple has silently altered macOS a lot and many existing work-arounds stop working under Mojave.

There are also some working methods involving renaming the original executable binary /Applications/Chromium.app/Contents/MacOS/Chromium, creating a new script to launch Chrome in which the aforementioned variables are set properly (even leading to automated scripts like this). Personally, I don’t like these ways as they are rather intrusive and therefore less upgrade-proof (I guess future updates of Chromium will override these launching scripts and you must circumvent that) and only consider them last resort.

Fortunately, I have found an old StackOverflow’s topic with two methods that work perfectly fine for macOS Mojave and systems before that as you can see in that SO’s topic. Better then, they are much less intrusive and upgrade-friendly.

Method 1: Using Login Items

Step 1: Open the built-in app “Script Editor” in /Applications/Utilities/, enter the following content

do shell script "/bin/launchctl setenv GOOGLE_API_KEY your_google_api_key"
do shell script "/bin/launchctl setenv GOOGLE_DEFAULT_CLIENT_ID your_client_id"
do shell script "/bin/launchctl setenv GOOGLE_DEFAULT_CLIENT_SECRET your_client_secret"

and then save (⌘ + s) under the format “Application”. Behind the scene, it will create a new macOS application and wraps the script content inside.

Step 2: Go to “Settings” –> “Users and Groups” –> choose the tab “Login Items”, click + and either point to the newly created application or simply drag and drop it to the box above.

Step 3: Log out and log in again. Chromium should see the variables and shows no warning.

Method 2: Via LaunchAgents

Step 1: Create a file environments.plist inside the folder ~/Library/LaunchAgents with the following content:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Label</key>
  <string>gui-environments</string>
  <key>ProgramArguments</key>
  <array>
    <string>sh</string>
    <string>-c</string>
    <string>
    /bin/launchctl setenv GOOGLE_API_KEY your_google_api_key
    /bin/launchctl setenv GOOGLE_DEFAULT_CLIENT_ID your_client_id
    /bin/launchctl setenv GOOGLE_DEFAULT_CLIENT_SECRET your_client_secret
    </string>
  </array>
  <key>RunAtLoad</key>
  <true/>
</dict>
</plist>

Step 2: Enable it with launchctl

launchctl load ~/Library/LaunchAgents/environments.plist

Step 3: There is no step 3, just launch Chromium and see that it should work without warning ;)

In this method, you don’t even need to log out or reboot. The variables are made available to launchctl after Step 2.

Conclusion

The aforementioned methods work flawlessly under macOS Mojave (10.14) and less intrusive with respect to the target applications. As a result, we can upgrade or change the applications without concerning about re-creating, updating or changing the launching scripts. The only caveat is that, the environment variables will be exposed to all applications, and hence, could lead to some security concerns (e.g. regarding Google keys and secrets).

In that same SO’s topic, there is also a slightly different way to elevate a bit more to make it work for the whole system instead of only the particular user. It involves in putting the main script where environment vars are set in /etc/environment and creating a launching agent in /Library/LaunchAgents/ along with another daemon service in /Library/LaunchDaemons/ to monitor the content of /etc/environment.

Related Articles

comments powered by Disqus