
Scripting Keychain First Aid

  • March 12, 2014

Can anybody offer any insight as to how to go about scripting Keychain First Aid? I would like to add it as a Self Service Policy to repair keychain issues. Thanks!

Best answer by krichterjr

They may or may not help.

Here is an AppleScript that opens Keychain Access and then Keychain First Aid. The catch is AppleScript needs to be enabled for Assistive Devices. See more here: https://jamfnation.jamfsoftware.com/discussion.html?id=9176#responseChild49975

tell application "Keychain Access" to activate
tell application "System Events"
    tell process "Keychain Access"
        click menu item "Keychain First Aid" of menu "Keychain Access" of menu bar 1
    end tell
end tell

14 replies

mm2270
  • Legendary Contributor
  • March 12, 2014

Not clear if there's a way to really "script" Keychain First Aid. It seems to be an embedded part of Keychain Access, not a separate app unto itself. You may be able to do something like this:

tell application "System Events"
    tell application "Keychain Access" to activate
    keystroke "a" using {command down, option down}
end tell

Only issue may be when running as a policy I don't know if it will correctly identify the current user, since it displays the logged in user's name and a password field when that comes up. You might need to put that code into a HEREDOC block and call it as the logged in user. Not really sure.

I also took a quick peek at the man page for "security" and I don't see anything about doing verifies or repairs on keychains. So it seems to be a GUI related function only from what I can tell.


  • Valued Contributor
  • March 12, 2014

I'm just commenting on the Ferret.

It's bossy.


  • Valued Contributor
  • March 12, 2014

I just looked through some terminal commands and none of them seem to coincide with Keychain so you might be stuck to Applescripting.


  • Author
  • Contributor
  • March 12, 2014

@mattlee, yes, ferrets rock. Thank you all for the help. I will have to go the AppleScript route.


  • Contributor
  • March 12, 2014

Keychain first aid only helps with the password for the keychain itself. It doesn't do anything for items inside the keychain.


  • Valued Contributor
  • March 13, 2014

Didn't @Andrina show a great example of this at JNUC this year? I think she published the script somewhere as well. http://www.youtube.com/watch?v=AzlWdrRc1rY&list=PLlxHm_Px-Ie01lK6FgfdXhk-YuByY6X27&index=15


  • Employee
  • March 13, 2014

I believe her script deletes the keychain and recreates it.

It too is nice to have available. If not for your users but for L1 techs.

https://github.com/andrina/JNUC2013/blob/master/Users%20Do%20Your%20Job/deleteAndcreateKeychain.sh


  • Contributor
  • March 19, 2015

Does Andrina's script require a restart after running?


stevewood
  • Hall of Fame
  • March 19, 2015

@sardesm from what I've seen, yes, for maximum effectiveness a restart is required.


  • Contributor
  • March 24, 2015

@krichterjr -- I have read a few of your posts regarding Keychain repair and it's been quite helpful! However, I am currently stuck on how exactly to enable Script Editor for assistive devices. I have tried variations of this:

sqlite3 "/Library/Application Support/com.apple.TCC/TCC.db" "INSERT INTO access VALUES('kTCCServiceAccessibility','/Applications/Utilities/Script Editor',1,1,1,NULL)"

But so far I have not had luck (referencing http://work.chrisdietrich.de)...it's going to sound dumb but I don't know how to reference Script Editor in this sqlite logic... there is a com.apple.scripteditor or something that I cannot find?


  • Employee
  • March 25, 2015

@rseys I haven't touched this since I originally worked on it and I have actually changed jobs since. With that said, I remember having difficulty with this part as well. I think I ended up saving the script as an Application and then added that Application to the Accessibility db instead of just ScriptEditor.


  • Employee
  • March 25, 2015

@rseys I just tested this out and I believe this should work for you. I made a couple of small changes to what you had and this appears to work fine on my machine running 10.10.2. Hope this helps!

sqlite3 "/Library/Application Support/com.apple.TCC/TCC.db" "INSERT INTO access VALUES('kTCCServiceAccessibility','com.apple.ScriptEditor2',0,1,1,NULL)"

  • Contributor
  • March 25, 2015

Worked like a champ! Thank you sir -- I wasn't quite sure how to find the Bundle Identifier (or that "Bundle Identifier" was what I was looking for specifically). I looked at the contents of Script Editor and saw com.apple.scripteditor mentioned and assumed that was it.

Anyway, enjoy the new(?) role @krichterjr! I appreciate the assist.
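
Added example, not from any poster in this thread: rows written straight into TCC.db never pass through the System Preferences prompt, so a fleet that uses the INSERT above benefits from a periodic audit of Accessibility grants. This Python script runs that audit over a constructed in-memory database using the six-column `access` layout implied by the INSERT statements in the thread, and reads the bundle identifier from a constructed Info.plist; `audit_accessibility`, `bundle_identifier`, `build_sample_db` and the client `com.example.helper` are hypothetical names.

```python
import os
import plistlib
import sqlite3

# Column order assumed from the six-value INSERT statements in this thread
# (10.10-era layout); other macOS versions use a different access table.
SCHEMA = ("CREATE TABLE access (service TEXT, client TEXT, client_type INTEGER, "
          "allowed INTEGER, prompt_count INTEGER, csreq BLOB)")

# Constructed sample rows: the two inserts from the thread plus one unknown client.
SAMPLE_ROWS = [
    ("kTCCServiceAccessibility", "/Applications/Utilities/Script Editor", 1, 1, 1, None),
    ("kTCCServiceAccessibility", "com.apple.ScriptEditor2", 0, 1, 1, None),
    ("kTCCServiceAccessibility", "com.example.helper", 0, 1, 1, None),
]

# Constructed stand-in for the bytes of Script Editor.app/Contents/Info.plist.
SAMPLE_INFO_PLIST = plistlib.dumps({"CFBundleIdentifier": "com.apple.ScriptEditor2"})

def bundle_identifier(info_plist_bytes):
    """Return CFBundleIdentifier, the value a client_type 0 row must carry."""
    return plistlib.loads(info_plist_bytes)["CFBundleIdentifier"]

def build_sample_db():
    """Create the constructed in-memory database used for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO access VALUES (?,?,?,?,?,?)", SAMPLE_ROWS)
    return conn

def audit_accessibility(conn, approved):
    """Return (client, finding) for each allowed Accessibility grant needing review."""
    findings = []
    query = ("SELECT client, client_type FROM access "
             "WHERE service = 'kTCCServiceAccessibility' AND allowed = 1 ORDER BY rowid")
    for client, client_type in conn.execute(query):
        # client_type 0: client is a bundle identifier; 1: client is a file path.
        if client_type == 1 and not os.path.exists(client):
            findings.append((client, "path client does not exist on disk"))
        elif client not in approved:
            findings.append((client, "not in approved list"))
    return findings

if __name__ == "__main__":
    approved = {bundle_identifier(SAMPLE_INFO_PLIST)}
    for client, finding in audit_accessibility(build_sample_db(), approved):
        print(f"{client}: {finding}")
```

Against a real machine, open a read-only copy of the database and adjust `SCHEMA` and the query to the column layout of that macOS version.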