salt.modules.mac_keychain module¶

Install certificates into the keychain on Mac OS

New in version 2016.3.0.

salt.modules.mac_keychain.get_default_keychain(user=None, domain='user')¶

Get the default keychain

user: The user to check the default keychain of
domain: The domain to use valid values are user|system|common|dynamic, the default is user

CLI Example:

salt '*' keychain.get_default_keychain

salt.modules.mac_keychain.get_friendly_name(cert, password)¶

Get the friendly name of the given certificate

cert

The certificate to install

password

The password for the certificate being installed formatted in the way described for openssl command in the PASS PHRASE ARGUMENTS section

Note: The password given here will show up as plaintext in the returned job info.

CLI Example:

salt '*' keychain.get_friendly_name /tmp/test.p12 test123

salt.modules.mac_keychain.get_hash(name, password=None)¶

Returns the hash of a certificate in the keychain.

name: The name of the certificate (which you can get from keychain.get_friendly_name) or the location of a p12 file.
password: The password that is used in the certificate. Only required if your passing a p12 file. Note: This will be outputted to logs

CLI Example:

salt '*' keychain.get_hash /tmp/test.p12 test123

salt.modules.mac_keychain.install(cert, password, keychain='/Library/Keychains/System.keychain', allow_any=False, keychain_password=None)¶

Install a certificate

cert

The certificate to install

password

The password for the certificate being installed formatted in the way described for openssl command in the PASS PHRASE ARGUMENTS section.

Note: The password given here will show up as plaintext in the job returned info.

keychain

The keychain to install the certificate to, this defaults to /Library/Keychains/System.keychain

allow_any

Allow any application to access the imported certificate without warning

keychain_password

If your keychain is likely to be locked pass the password and it will be unlocked before running the import

Note: The password given here will show up as plaintext in the returned job info.

CLI Example:

salt '*' keychain.install test.p12 test123

salt.modules.mac_keychain.list_certs(keychain='/Library/Keychains/System.keychain')¶

List all of the installed certificates

keychain: The keychain to install the certificate to, this defaults to /Library/Keychains/System.keychain

CLI Example:

salt '*' keychain.list_certs

salt.modules.mac_keychain.set_default_keychain(keychain, domain='user', user=None)¶

Set the default keychain

keychain: The location of the keychain to set as default
domain: The domain to use valid values are user|system|common|dynamic, the default is user
user: The user to set the default keychain as

CLI Example:

salt '*' keychain.set_keychain /Users/fred/Library/Keychains/login.keychain

salt.modules.mac_keychain.uninstall(cert_name, keychain='/Library/Keychains/System.keychain', keychain_password=None)¶

Uninstall a certificate from a keychain

cert_name

The name of the certificate to remove

keychain

The keychain to install the certificate to, this defaults to /Library/Keychains/System.keychain

keychain_password

If your keychain is likely to be locked pass the password and it will be unlocked before running the import

Note: The password given here will show up as plaintext in the returned job info.

CLI Example:

salt '*' keychain.install test.p12 test123

salt.modules.mac_keychain.unlock_keychain(keychain, password)¶

Unlock the given keychain with the password

keychain

The keychain to unlock

password

The password to use to unlock the keychain.

Note: The password given here will show up as plaintext in the returned job info.

CLI Example:

salt '*' keychain.unlock_keychain /tmp/test.p12 test123