Not clear if there's a way to really "script" Keychain First Aid. It seems to be an embedded part of Keychain Access, not a separate app unto itself. You may be able to do something like this-

tell application "System Events"

    tell application "Keychain Access" to activate

    keystroke "a" using {command down, option down}

end tell

Only issue may be when running as a policy I don't know if it will correctly identify the current user, since it displays the logged in user's name and a password field when that comes up. You might need to put that code into a HEREDOC block and call it as the logged in user. Not really sure.

I also took a quick peek at the man page for "security" and I don't see anything about doing verify's or repairs on keychains. So it seems to be a GUI related function only from what I can tell.

They may or may not help.

Here is an Apple Script that opens KeyChain Access and then KeyChain First Aid. The catch is Apple Script needs to be enabled for Assistive Devices. See more here
https://jamfnation.jamfsoftware.com/discussion.html?id=9176#responseChild49975

tell application "Keychain Access" to activate

tell application "System Events"

    tell process "Keychain Access"

        click menu item "Keychain First Aid" of menu "Keychain Access" of menu bar 1

    end tell

end tell

I'm just commenting on the Ferret.

Its bossy.

I just looked through some terminal commands and none of them seem to coincide with Keychain so you might be stuck to Applescripting.

@mattlee, yes, ferrets rock. Thank you all for the help. I will have to go the applescript route.

Keychain first aid only helps with the password for the keychain itself. It doesn't do anything for items inside the keychain.

Didn't @Andrina show a great example of this at JNUC this year. I think she published the script somewhere as well. http://www.youtube.com/watch?v=AzlWdrRc1rY&list=PLlxHm_Px-Ie01lK6FgfdXhk-YuByY6X27&index=15

I believe her script deletes the keychain and recreates it.

It too is nice to have available. If not for your users but for L1 techs.

https://github.com/andrina/JNUC2013/blob/master/Users%20Do%20Your%20Job/deleteAndcreateKeychain.sh

Does Andrina's script require a restart after running?

@sardesm from what I've seen, yes, for maximum effectiveness a restart is required.

@krichterjr -- I have read a few of your posts regarding Keychain repair and it's been quite helpful! However, I am currently stuck on how exactly to enable Script Editor for assistive devices. I have tried variations of this:

sqlite3 /Library/Application Support/com.apple.TCC/TCC.db "INSERT INTO access VALUES('kTCCServiceAccessibility','/Applications/Utilities/Script Editor',1,1,1,NULL)"

But so far I have not had luck (referencing http://work.chrisdietrich.de)...it's going to sound dumb but I don't know how to reference Script Editor in this sqlite logic... there is a com.apple.scripteditor or something that I cannot find?

@rseys I haven't touched this since I originally worked on it and I have actually changed jobs since. With that said, I remember having difficulty with this part as well. I think I ended up saving the script as an Application and then added that Application to the Accessibility db instead of just ScriptEditor.

@rseys I just tested this out and I believe this should work you. I made a couple of small changes to what you had and this appears to work fine on my machine running 10.10.2. Hope this helps!

sqlite3 /Library/Application Support/com.apple.TCC/TCC.db "INSERT INTO access VALUES('kTCCServiceAccessibility','com.apple.ScriptEditor2',0,1,1,NULL)"

Worked like a champ! Thank you sir -- I wasn't quite sure how to find the Bundle Identifier (or that "Bundle Identifier" was what I was looking for specifically embarrassed). I looked at the contents of Script Editor and saw com.apple.scripteditor mentioned and assumed that was it.

Anyway, enjoy the new(?) role @krichterjr! I appreciate the assist