Keychain Access Control command line

digitc6mdm
New Contributor II

Dear community,

I'm looking for a command line to add in the script that would allow all applications to access this item on Keychain Access Control.

8 REPLIES 8

jleomcdo
Contributor

The man page for the security add-generic-password command shows:
-A Allow any application to access this item without warning

Are you using the security add-generic-password command?

digitc6mdm
New Contributor II

@jleomcdo

Can you please help me with the full command? When I activate the proxy, 2 registrations (internet password) appear in the keychain, for which I want to allow all applications to access these items without any confirmation or other prompt.

jleomcdo
Contributor
security add-internet-password -a USERNAME -l LABEL -s ps-bxl-usr.cec.eu.int -r http -P 8080 -A

-a is the Account Name or username
-l (lower L) is Label
-s is the Server address
-r is protocol
-A is Allow all to access

See if that works. You can run this command to see all the options "security add-internet-password help"

digitc6mdm
New Contributor II

Dear @jleomcdo, thanks a lot for your help!

I executed this command, but unfortunately it creates a new record but does not modify the existing ones. Upon opening the browser again, it asks me for a proxy and then creates the same records again.

mm2270
Legendary Contributor III

It's hit or miss in my experience with it, but you can try adding the -U flag to "update" the existing record. Relevant entry from the manpage that shows that flag toward the bottom:

add-internet-password [-h] [-a account] [-s server] [-w password] [options...] [keychain]
    Add an internet password item.

    -a account             Specify account name (required)
    -c creator             Specify item creator (optional four-character code)
    -C type                Specify item type (optional four-character code)
    -d domain              Specify security domain string (optional)
    -D kind                Specify kind (default is "application password")
    -j comment             Specify comment string (optional)
    -l label               Specify label (if omitted, service name is used as default label)
    -p path                Specify path string (optional)
    -P port                Specify port number (optional)
    -r protocol            Specify protocol (optional four-character SecProtocolType, e.g. "http", "ftp ")
    -s server              Specify server name (required)
    -t authenticationType  Specify authentication type (as a four-character SecAuthenticationType, default is "dflt")
    -w password            Specify password to be added. Put at end of command to be prompted (recommended)
    -A                     Allow any application to access this item without warning (insecure, not recommended!)
    -T appPath             Specify an application which may access this item (multiple -T options are allowed)
    -U                     Update item if it already exists (if omitted, the item cannot already exist)

jleomcdo
Contributor

I forgot about the -U update flag. Good call.

I'd suggest that you open the record in the Keychain that is made by the browser and then compare that to the one you made with the command line. You might need to add / modify some of the fields, like "Label" or the protocol or add a port number. Play around with the "security add-internet-password" command and get it to make the keychain item exactly like the one that the browser makes. Once you can do that, then add the -U to your command. Then give it a try.
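
Added example, not code from the thread or from Apple: a POSIX shell dry run that composes the `security add-internet-password` call discussed above with `-U` and one `-T appPath` per browser, the per-application option the man page lists next to `-A`. The function names, account, label, server name and app paths are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): per-app -T trust instead of -A.
# DRY_RUN=1 (default) prints the argv one argument per line; DRY_RUN=0 runs it.

# The man page wants a four-character protocol code: pad "ftp" to "ftp ".
proto4() {
    case ${#1} in
        4) printf '%s' "$1" ;;
        1|2|3) printf '%-4s' "$1" ;;
        *) return 1 ;;
    esac
}

# add_proxy_item ACCOUNT LABEL SERVER PROTOCOL PORT APP_PATH [APP_PATH...]
add_proxy_item() {
    if [ "$#" -lt 6 ]; then
        echo "need at least one app path; refusing to fall back to -A" >&2
        return 2
    fi
    acct=$1; label=$2; server=$3; port=$5
    proto=$(proto4 "$4") || { echo "protocol must be 1-4 chars: $4" >&2; return 2; }
    case $port in
        ''|*[!0-9]*) echo "port must be numeric: $port" >&2; return 2 ;;
    esac
    shift 5
    # Turn each remaining argument (an app path) into a "-T path" pair.
    for app do
        case $app in
            /*) set -- "$@" -T "$app"; shift ;;
            *) echo "app path must be absolute: $app" >&2; return 2 ;;
        esac
    done
    # -U updates a matching item instead of failing because it exists.
    set -- add-internet-password -a "$acct" -l "$label" -s "$server" \
        -r "$proto" -P "$port" -U "$@"
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf '%s\n' security "$@"
    else
        security "$@"
    fi
}

# Constructed sample values; replace with the fields of the real item.
add_proxy_item USERNAME LABEL proxy.example.test http 8080 \
    /Applications/Safari.app "/Applications/Google Chrome.app"
```

Compare the printed arguments with the item the browser creates before running with `DRY_RUN=0`, since `-U` only updates an item whose fields match.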

yuenhongtang
New Contributor III

Hi,
If I need to add the app to allow in the keychain cert's private key, what is the full command that I can use?
-T appPath Specify an application which may access this item (multiple -T options are allowed)

I don't think there is any way using security to do this after the key has been imported.