Install certificates into the keychain on Mac OS
New in version 2016.3.0.
salt.modules.mac_keychain.
get_default_keychain
(user=None, domain='user')¶Get the default keychain
The user to check the default keychain of
The domain to use valid values are user|system|common|dynamic, the default is user
CLI Example:
salt '*' keychain.get_default_keychain
salt.modules.mac_keychain.
get_friendly_name
(cert, password)¶Get the friendly name of the given certificate
The certificate to install
The password for the certificate being installed formatted in the way described for openssl command in the PASS PHRASE ARGUMENTS section
Note: The password given here will show up as plaintext in the returned job info.
CLI Example:
salt '*' keychain.get_friendly_name /tmp/test.p12 test123
salt.modules.mac_keychain.
get_hash
(name, password=None)¶Returns the hash of a certificate in the keychain.
The name of the certificate (which you can get from keychain.get_friendly_name) or the location of a p12 file.
The password that is used in the certificate. Only required if your passing a p12 file. Note: This will be outputted to logs
CLI Example:
salt '*' keychain.get_hash /tmp/test.p12 test123
salt.modules.mac_keychain.
install
(cert, password, keychain='/Library/Keychains/System.keychain', allow_any=False, keychain_password=None)¶Install a certificate
The certificate to install
The password for the certificate being installed formatted in the way described for openssl command in the PASS PHRASE ARGUMENTS section.
Note: The password given here will show up as plaintext in the job returned info.
The keychain to install the certificate to, this defaults to /Library/Keychains/System.keychain
Allow any application to access the imported certificate without warning
If your keychain is likely to be locked pass the password and it will be unlocked before running the import
Note: The password given here will show up as plaintext in the returned job info.
CLI Example:
salt '*' keychain.install test.p12 test123
salt.modules.mac_keychain.
list_certs
(keychain='/Library/Keychains/System.keychain')¶List all of the installed certificates
The keychain to install the certificate to, this defaults to /Library/Keychains/System.keychain
CLI Example:
salt '*' keychain.list_certs
salt.modules.mac_keychain.
set_default_keychain
(keychain, domain='user', user=None)¶Set the default keychain
The location of the keychain to set as default
The domain to use valid values are user|system|common|dynamic, the default is user
The user to set the default keychain as
CLI Example:
salt '*' keychain.set_keychain /Users/fred/Library/Keychains/login.keychain
salt.modules.mac_keychain.
uninstall
(cert_name, keychain='/Library/Keychains/System.keychain', keychain_password=None)¶Uninstall a certificate from a keychain
The name of the certificate to remove
The keychain to install the certificate to, this defaults to /Library/Keychains/System.keychain
If your keychain is likely to be locked pass the password and it will be unlocked before running the import
Note: The password given here will show up as plaintext in the returned job info.
CLI Example:
salt '*' keychain.install test.p12 test123
salt.modules.mac_keychain.
unlock_keychain
(keychain, password)¶Unlock the given keychain with the password
The keychain to unlock
The password to use to unlock the keychain.
Note: The password given here will show up as plaintext in the returned job info.
CLI Example:
salt '*' keychain.unlock_keychain /tmp/test.p12 test123