salt.modules.mac_keychain
Install certificates into the keychain on Mac OS
New in version 2016.3.0.
-
Get the default keychain
- user
-
The user to check the default keychain of
- domain
-
The domain to use valid values are user|system|common|dynamic, the default is user
CLI Example:
salt '*' keychain.get_default_keychain
salt.modules.mac_keychain.get_default_keychain(user=None, domain='user')
-
Get the friendly name of the given certificate
- cert
-
The certificate to install
- password
-
The password for the certificate being installed formatted in the way described for openssl command in the PASS PHRASE ARGUMENTS section
Note: The password given here will show up as plaintext in the returned job info.
CLI Example:
salt '*' keychain.get_friendly_name /tmp/test.p12 test123
salt.modules.mac_keychain.get_friendly_name(cert, password)
-
Returns the hash of a certificate in the keychain.
- name
-
The name of the certificate (which you can get from keychain.get_friendly_name) or the location of a p12 file.
- password
-
The password that is used in the certificate. Only required if your passing a p12 file. Note: This will be outputted to logs
CLI Example:
salt '*' keychain.get_hash /tmp/test.p12 test123
salt.modules.mac_keychain.get_hash(name, password=None)
-
Install a certificate
- cert
-
The certificate to install
- password
-
The password for the certificate being installed formatted in the way described for openssl command in the PASS PHRASE ARGUMENTS section.
Note: The password given here will show up as plaintext in the job returned info.
- keychain
-
The keychain to install the certificate to, this defaults to /Library/Keychains/System.keychain
- allow_any
-
Allow any application to access the imported certificate without warning
- keychain_password
-
If your keychain is likely to be locked pass the password and it will be unlocked before running the import
Note: The password given here will show up as plaintext in the returned job info.
CLI Example:
salt '*' keychain.install test.p12 test123
salt.modules.mac_keychain.install(cert, password, keychain='/Library/Keychains/System.keychain', allow_any=False, keychain_password=None)
-
List all of the installed certificates
- keychain
-
The keychain to install the certificate to, this defaults to /Library/Keychains/System.keychain
CLI Example:
salt '*' keychain.list_certs
salt.modules.mac_keychain.list_certs(keychain='/Library/Keychains/System.keychain')
-
Set the default keychain
- keychain
-
The location of the keychain to set as default
- domain
-
The domain to use valid values are user|system|common|dynamic, the default is user
- user
-
The user to set the default keychain as
CLI Example:
salt '*' keychain.set_keychain /Users/fred/Library/Keychains/login.keychain
salt.modules.mac_keychain.set_default_keychain(keychain, domain='user', user=None)
-
Uninstall a certificate from a keychain
- cert_name
-
The name of the certificate to remove
- keychain
-
The keychain to install the certificate to, this defaults to /Library/Keychains/System.keychain
- keychain_password
-
If your keychain is likely to be locked pass the password and it will be unlocked before running the import
Note: The password given here will show up as plaintext in the returned job info.
CLI Example:
salt '*' keychain.install test.p12 test123
salt.modules.mac_keychain.uninstall(cert_name, keychain='/Library/Keychains/System.keychain', keychain_password=None)
-
Unlock the given keychain with the password
- keychain
-
The keychain to unlock
- password
-
The password to use to unlock the keychain.
Note: The password given here will show up as plaintext in the returned job info.
CLI Example:
salt '*' keychain.unlock_keychain /tmp/test.p12 test123
salt.modules.mac_keychain.unlock_keychain(keychain, password)
© 2021 SaltStack.
Licensed under the Apache License, Version 2.0.
https://docs.saltproject.io/en/latest/ref/modules/all/salt.modules.mac_keychain.html