salt.modules.mac_keychain#
Install certificates into the keychain on Mac OS
New in version 2016.3.0.
- salt.modules.mac_keychain.get_default_keychain(user=None, domain='user')#
Get the default keychain
- user
The user to check the default keychain of
- domain
The domain to use valid values are user|system|common|dynamic, the default is user
CLI Example:
salt '*' keychain.get_default_keychain
- salt.modules.mac_keychain.get_friendly_name(cert, password, legacy=False)#
Get the friendly name of the given certificate
- cert
The certificate to install
- password
The password for the certificate being installed formatted in the way described for openssl command in the PASS PHRASE ARGUMENTS section
Note: The password given here will show up as plaintext in the returned job info.
- legacy
Assume legacy format for certificate.
CLI Example:
salt '*' keychain.get_friendly_name /tmp/test.p12 test123 salt '*' keychain.get_friendly_name /tmp/test.p12 test123 legacy=True
- salt.modules.mac_keychain.get_hash(name, password=None)#
Returns the hash of a certificate in the keychain.
- name
The name of the certificate (which you can get from keychain.get_friendly_name) or the location of a p12 file.
- password
The password that is used in the certificate. Only required if your passing a p12 file. Note: This will be outputted to logs
CLI Example:
salt '*' keychain.get_hash /tmp/test.p12 test123
- salt.modules.mac_keychain.install(cert, password, keychain='/Library/Keychains/System.keychain', allow_any=False, keychain_password=None)#
Install a certificate
- cert
The certificate to install
- password
The password for the certificate being installed formatted in the way described for openssl command in the PASS PHRASE ARGUMENTS section.
Note: The password given here will show up as plaintext in the job returned info.
- keychain
The keychain to install the certificate to, this defaults to /Library/Keychains/System.keychain
- allow_any
Allow any application to access the imported certificate without warning
- keychain_password
If your keychain is likely to be locked pass the password and it will be unlocked before running the import
Note: The password given here will show up as plaintext in the returned job info.
CLI Example:
salt '*' keychain.install test.p12 test123
- salt.modules.mac_keychain.list_certs(keychain='/Library/Keychains/System.keychain')#
List all of the installed certificates
- keychain
The keychain to install the certificate to, this defaults to /Library/Keychains/System.keychain
CLI Example:
salt '*' keychain.list_certs
- salt.modules.mac_keychain.set_default_keychain(keychain, domain='user', user=None)#
Set the default keychain
- keychain
The location of the keychain to set as default
- domain
The domain to use valid values are user|system|common|dynamic, the default is user
- user
The user to set the default keychain as
CLI Example:
salt '*' keychain.set_keychain /Users/fred/Library/Keychains/login.keychain
- salt.modules.mac_keychain.uninstall(cert_name, keychain='/Library/Keychains/System.keychain', keychain_password=None)#
Uninstall a certificate from a keychain
- cert_name
The name of the certificate to remove
- keychain
The keychain to install the certificate to, this defaults to /Library/Keychains/System.keychain
- keychain_password
If your keychain is likely to be locked pass the password and it will be unlocked before running the import
Note: The password given here will show up as plaintext in the returned job info.
CLI Example:
salt '*' keychain.install test.p12 test123
- salt.modules.mac_keychain.unlock_keychain(keychain, password)#
Unlock the given keychain with the password
- keychain
The keychain to unlock
- password
The password to use to unlock the keychain.
Note: The password given here will show up as plaintext in the returned job info.
CLI Example:
salt '*' keychain.unlock_keychain /tmp/test.p12 test123