deleting private key

svenke
New Contributor III

Is there a scripted way to delete a private key in the system keychain?

In the security help pages I found the find-key command (usr/bin/security/find-key), but I can't see a delete-key command.

When I delete the generated certificate, the certificate is deleted but the private key remains in the keychain. After a few months we have a bunch of unused private keys in the keychain of our users.


shiryeru
New Contributor

I had a similar problem; it didn't work for me with any command line, and it seems that this option is missing there (it should be fixed in OSX 10.12.4, when security first introduces the 'security delete-identity' parameter).
In case you need to support deletion of the private key in previous OS versions (in scripts or automations) feel free to use this: https://github.com/Cybereason/keychain-cleaner
Full explanation inside, along with the source code you can tweak and a compiled executable (if you want to use it as it is). Hope it helps...
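As an added example (not code from the thread or from the linked tool), the script below shows the approach the reply points at: removing the certificate and its private key together with `security delete-identity`, instead of `security delete-certificate`, which is what leaves the orphaned keys the question describes. It selects identities by a label substring, parses the output of `security find-identity -v` (each identity is listed twice there, so hashes are deduplicated), and deletes by SHA-1 hash. The keychain path and the label are placeholders; the sample `find-identity` output is constructed for offline testing. Note the caveat the thread already implies: `delete-identity` only reaches a key that still has its certificate, so keys whose certificate was already deleted need something like the linked tool.

```shell
#!/bin/sh
# Added example, not from the thread. Deletes a certificate together with its
# private key via `security delete-identity`, rather than `delete-certificate`,
# which leaves the key behind. Keychain path and label are placeholders.

# Parse `security find-identity -v <keychain>` output from stdin and print one
# "<sha1> <label>" line per identity whose label contains $1. find-identity
# lists each identity twice (matching and valid-only), so hashes are deduplicated.
identities_matching() {
    awk -v needle="$1" '
        # Identity lines look like:  1) 0123...ABCD "Developer ID Application: X"
        $1 ~ /^[0-9]+[)]$/ && length($2) == 40 && $2 ~ /^[0-9A-F]+$/ {
            hash = $2
            label = $0
            sub(/^[^"]*"/, "", label)   # drop everything up to the opening quote
            sub(/"[^"]*$/, "", label)   # drop the closing quote and anything after
            if (index(label, needle) > 0 && !(hash in seen)) {
                seen[hash] = 1
                print hash " " label
            }
        }'
}

# Delete every identity (certificate + private key) in $1 whose label contains $2.
# Dry run unless DO_DELETE=1, so it is safe to try first. The System keychain
# needs root, so run under sudo when targeting it.
delete_identities() {
    keychain="$1"
    needle="$2"
    security find-identity -v "$keychain" | identities_matching "$needle" |
    while read -r hash label; do
        if [ "${DO_DELETE:-0}" = "1" ]; then
            # -Z selects the identity by SHA-1 hash; -t would also drop trust settings
            security delete-identity -Z "$hash" "$keychain"
        else
            echo "would delete $hash ($label)"
        fi
    done
}

# Constructed sample of `security find-identity -v` output, for offline testing only.
SAMPLE_OUTPUT='Policy: X.509 Basic
  Matching identities
  1) 0123456789ABCDEF0123456789ABCDEF01234567 "Example Corp Signing"
  2) 89ABCDEF0123456789ABCDEF0123456789ABCDEF "Unrelated Identity"
     2 identities found

  Valid identities only
  1) 0123456789ABCDEF0123456789ABCDEF01234567 "Example Corp Signing"
  2) 89ABCDEF0123456789ABCDEF0123456789ABCDEF "Unrelated Identity"
     2 valid identities found'

# Run the parser over the constructed sample (no keychain access involved).
sample_matches() {
    printf '%s\n' "$SAMPLE_OUTPUT" | identities_matching "$1"
}

# Usage: sudo DO_DELETE=1 sh delete-identity.sh /Library/Keychains/System.keychain "Example Corp"
if [ "$#" -eq 2 ]; then
    delete_identities "$1" "$2"
fi
```

Run it once without `DO_DELETE=1` to see which identities would go, then with it under sudo for the System keychain. Anything that only shows up in `security find-key` (a key with no certificate attached) is not an identity and will not be listed or removed by this script.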