salt.modules.mac_keychain module

Install certificates into the keychain on Mac OS

New in version 2016.3.0.

salt.modules.mac_keychain.get_default_keychain(user=None, domain=u'user')

Get the default keychain

user
The user to check the default keychain of
domain
The domain to use valid values are user|system|common|dynamic, the default is user

CLI Example:

salt '*' keychain.get_default_keychain
salt.modules.mac_keychain.get_friendly_name(cert, password)

Get the friendly name of the given certificate

cert
The certificate to install
password

The password for the certificate being installed formatted in the way described for openssl command in the PASS PHRASE ARGUMENTS section

Note: The password given here will show up as plaintext in the returned job info.

CLI Example:

salt '*' keychain.get_friendly_name /tmp/test.p12 test123
salt.modules.mac_keychain.get_hash(name, password=None)

Returns the hash of a certificate in the keychain.

name
The name of the certificate (which you can get from keychain.get_friendly_name) or the location of a p12 file.
password
The password that is used in the certificate. Only required if your passing a p12 file. Note: This will be outputted to logs

CLI Example:

salt '*' keychain.get_hash /tmp/test.p12 test123
salt.modules.mac_keychain.install(cert, password, keychain=u'/Library/Keychains/System.keychain', allow_any=False, keychain_password=None)

Install a certificate

cert
The certificate to install
password

The password for the certificate being installed formatted in the way described for openssl command in the PASS PHRASE ARGUMENTS section.

Note: The password given here will show up as plaintext in the job returned info.

keychain
The keychain to install the certificate to, this defaults to /Library/Keychains/System.keychain
allow_any
Allow any application to access the imported certificate without warning
keychain_password

If your keychain is likely to be locked pass the password and it will be unlocked before running the import

Note: The password given here will show up as plaintext in the returned job info.

CLI Example:

salt '*' keychain.install test.p12 test123
salt.modules.mac_keychain.list_certs(keychain=u'/Library/Keychains/System.keychain')

List all of the installed certificates

keychain
The keychain to install the certificate to, this defaults to /Library/Keychains/System.keychain

CLI Example:

salt '*' keychain.list_certs
salt.modules.mac_keychain.set_default_keychain(keychain, domain=u'user', user=None)

Set the default keychain

keychain
The location of the keychain to set as default
domain
The domain to use valid values are user|system|common|dynamic, the default is user
user
The user to set the default keychain as

CLI Example:

salt '*' keychain.set_keychain /Users/fred/Library/Keychains/login.keychain
salt.modules.mac_keychain.uninstall(cert_name, keychain=u'/Library/Keychains/System.keychain', keychain_password=None)

Uninstall a certificate from a keychain

cert_name
The name of the certificate to remove
keychain
The keychain to install the certificate to, this defaults to /Library/Keychains/System.keychain
keychain_password

If your keychain is likely to be locked pass the password and it will be unlocked before running the import

Note: The password given here will show up as plaintext in the returned job info.

CLI Example:

salt '*' keychain.install test.p12 test123
salt.modules.mac_keychain.unlock_keychain(keychain, password)

Unlock the given keychain with the password

keychain
The keychain to unlock
password

The password to use to unlock the keychain.

Note: The password given here will show up as plaintext in the returned job info.

CLI Example:

salt '*' keychain.unlock_keychain /tmp/test.p12 test123