salt.modules.mac_keychain

Install certificates into the keychain on Mac OS

New in version 2016.3.0.

salt.modules.mac_keychain.get_default_keychain(user=None, domain='user')

Get the default keychain

user

The user to check the default keychain of

domain

The domain to use. Valid values are user|system|common|dynamic; the default is user.

CLI Example:

salt '*' keychain.get_default_keychain

salt.modules.mac_keychain.get_friendly_name(cert, password, legacy=False)

Get the friendly name of the given certificate

cert

The certificate whose friendly name is returned

password

The password for the certificate, formatted as described in the PASS PHRASE ARGUMENTS section of the openssl command documentation.

Note: The password given here will show up as plaintext in the returned job info.

legacy

Assume legacy format for certificate.

CLI Example:

salt '*' keychain.get_friendly_name /tmp/test.p12 test123

salt '*' keychain.get_friendly_name /tmp/test.p12 test123 legacy=True

salt.modules.mac_keychain.get_hash(name, password=None)

Returns the hash of a certificate in the keychain.

name

The name of the certificate (which you can get from keychain.get_friendly_name) or the location of a p12 file.

password

The password that is used in the certificate. Only required if you're passing a p12 file. Note: This will be output to logs.

CLI Example:

salt '*' keychain.get_hash /tmp/test.p12 test123

salt.modules.mac_keychain.install(cert, password, keychain='/Library/Keychains/System.keychain', allow_any=False, keychain_password=None)

Install a certificate

cert

The certificate to install

password

The password for the certificate being installed, formatted as described in the PASS PHRASE ARGUMENTS section of the openssl command documentation.

Note: The password given here will show up as plaintext in the returned job info.

keychain

The keychain to install the certificate to. This defaults to /Library/Keychains/System.keychain

allow_any

Allow any application to access the imported certificate without warning

keychain_password

If your keychain is likely to be locked, pass the password and it will be unlocked before running the import.

Note: The password given here will show up as plaintext in the returned job info.

CLI Example:

salt '*' keychain.install test.p12 test123

salt.modules.mac_keychain.list_certs(keychain='/Library/Keychains/System.keychain')

List all of the installed certificates

keychain

The keychain to list the certificates of. This defaults to /Library/Keychains/System.keychain

CLI Example:

salt '*' keychain.list_certs

salt.modules.mac_keychain.set_default_keychain(keychain, domain='user', user=None)

Set the default keychain

keychain

The location of the keychain to set as default

domain

The domain to use. Valid values are user|system|common|dynamic; the default is user.

user

The user to set the default keychain for

CLI Example:

salt '*' keychain.set_default_keychain /Users/fred/Library/Keychains/login.keychain

salt.modules.mac_keychain.uninstall(cert_name, keychain='/Library/Keychains/System.keychain', keychain_password=None)

Uninstall a certificate from a keychain

cert_name

The name of the certificate to remove

keychain

The keychain to uninstall the certificate from. This defaults to /Library/Keychains/System.keychain

keychain_password

If your keychain is likely to be locked, pass the password and it will be unlocked before running the uninstall.

Note: The password given here will show up as plaintext in the returned job info.

CLI Example:

salt '*' keychain.uninstall "test certificate"

salt.modules.mac_keychain.unlock_keychain(keychain, password)

Unlock the given keychain with the password

keychain

The keychain to unlock

password

The password to use to unlock the keychain.

Note: The password given here will show up as plaintext in the returned job info.

CLI Example:

salt '*' keychain.unlock_keychain /Users/fred/Library/Keychains/login.keychain test123
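
Several functions above note that the password shows up as plaintext in the returned job info. The following is an added example, not part of Salt or of this module: a helper that masks those arguments in job records before they are exported or forwarded. The record shape ("fun" and "fun_args" keys, keyword arguments carried as dict elements of "fun_args"), the name redact_job and the sample records are assumptions made for illustration.

```python
# Added example: redact keychain.* secrets in Salt job records before export.
# ASSUMPTION: a record is a dict with "fun" and "fun_args"; keyword arguments
# appear as dict elements inside "fun_args". Positions follow the signatures above.
import copy

REDACTED = "<redacted>"
# function -> (positional indexes of secrets, keyword names of secrets)
SECRET_ARGS = {
    "keychain.get_friendly_name": ((1,), ("password",)),
    "keychain.get_hash": ((1,), ("password",)),
    "keychain.install": ((1, 4), ("password", "keychain_password")),
    "keychain.uninstall": ((2,), ("keychain_password",)),
    "keychain.unlock_keychain": ((1,), ("password",)),
}


def redact_job(record):
    """Return (clean_copy, count); records for other functions pass through."""
    spec = SECRET_ARGS.get(record.get("fun"))
    if spec is None:
        return record, 0
    positions, keywords = spec
    clean = copy.deepcopy(record)  # never mutate the caller's record
    args = clean.get("fun_args") or []
    count = pos = 0  # pos counts positional arguments only
    for i, arg in enumerate(args):
        if isinstance(arg, dict):  # keyword arguments
            for key in keywords:
                if arg.get(key) is not None:
                    arg[key] = REDACTED
                    count += 1
            continue
        if pos in positions and arg is not None:
            args[i] = REDACTED
            count += 1
        pos += 1
    return clean, count


# Constructed sample records (not real job data).
SAMPLE_JOBS = [
    {"jid": "1", "id": "mac01", "fun": "keychain.install",
     "fun_args": ["test.p12", "test123", {"keychain_password": "hunter2"}]},
    {"jid": "2", "id": "mac01", "fun": "keychain.list_certs", "fun_args": []},
]

for _job in SAMPLE_JOBS:
    print(*redact_job(_job))
```

Masking exported records does not remove the plaintext already held in the job cache, event bus or logs, so access to those still needs to be restricted.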