Keychain addition during imaging


Hey all,

Is there a way to add an entry to the Keychain during imaging with a script? Basically, I'd like to use one base image, but insert one of a few scripts somewhere that will add the client to a specified wireless SSID. Possible, or does the SSID have to be added to the keychain before taking a base image?


Jeffrey A. Strauss
Department of Educational Technology
Systems Administrator
Loyola High School of Los Angeles
1901 Venice Blvd.
Los Angeles, Ca 90006
(213) 381-5121 x265

Please consider the environment before printing this e-mail.


Honored Contributor

I have Apple Enterprise support and I tried doing this exact same thing. This is what I was told by Apple engineers in a nutshell. Using the
networksetup binary along with the security binary fill in fact add the
SSID you want and it will create a keychain, however there is no way to
input any kind of encryption key due to it's limitation. I was told by
them to just replace the whole system keychain, which can be packaged
with Composer and installed as a post image package.

here is the down side, it will over write any existing keychain thus
destroying anything the user has in place with their keychain. If you
sync user keychains I am not sure what would happen. I asked them to
forward it to development as a feature request.

If you can actually make it work I would love to know I came up with
dead ends and ended up creating a new package via Composer.

Thomas Larkin
TIS Department
tlarki at
blackberry: 913-449-7589
office: 913-627-0351

Valued Contributor

How secure does it have to be?
The following, as an "at reboot" script should do the trick.

networksetup -setairportnetwork <network> <password>

Of course, that means putting a password in a script, which shouldn't be
done lightly.

Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
voice: 1-347-277-7321
miles.leacy at


So u want to add a wireless ssid to a computer with a password that the client doesn't have?

Rather than get each client to login to the ssid?

Is that right? So when they login the mac connects to the ssid with an existing password


Honored Contributor

That will not add in the encryption key into the keychain though, that
is the whole snag

Thomas Larkin
TIS Department
tlarki at
blackberry: 913-449-7589
office: 913-627-0351