Skip to main content
Solved

Scripting Keychain First Aid


Forum|alt.badge.img+12

Can anybody offer any insight as to how to go about scripting Keychain First Aid? I would like to add it as a Self Service Policy to repair keychain issues. Thanks!

Best answer by krichterjr

They may or may not help.

Here is an Apple Script that opens KeyChain Access and then KeyChain First Aid. The catch is Apple Script needs to be enabled for Assistive Devices. See more here https://jamfnation.jamfsoftware.com/discussion.html?id=9176#responseChild49975

tell application "Keychain Access" to activate
tell application "System Events"
    tell process "Keychain Access"
        click menu item "Keychain First Aid" of menu "Keychain Access" of menu bar 1
    end tell
end tell
View original
Did this topic help you find an answer to your question?

14 replies

mm2270
Forum|alt.badge.img+16
  • Legendary Contributor
  • 7880 replies
  • March 12, 2014

Not clear if there's a way to really "script" Keychain First Aid. It seems to be an embedded part of Keychain Access, not a separate app unto itself. You may be able to do something like this-

tell application "System Events"
    tell application "Keychain Access" to activate
    keystroke "a" using {command down, option down}
end tell

Only issue may be when running as a policy I don't know if it will correctly identify the current user, since it displays the logged in user's name and a password field when that comes up. You might need to put that code into a HEREDOC block and call it as the logged in user. Not really sure.

I also took a quick peek at the man page for "security" and I don't see anything about doing verify's or repairs on keychains. So it seems to be a GUI related function only from what I can tell.


Forum|alt.badge.img+12
  • Employee
  • 128 replies
  • Answer
  • March 12, 2014

They may or may not help.

Here is an Apple Script that opens KeyChain Access and then KeyChain First Aid. The catch is Apple Script needs to be enabled for Assistive Devices. See more here https://jamfnation.jamfsoftware.com/discussion.html?id=9176#responseChild49975

tell application "Keychain Access" to activate
tell application "System Events"
    tell process "Keychain Access"
        click menu item "Keychain First Aid" of menu "Keychain Access" of menu bar 1
    end tell
end tell

Forum|alt.badge.img+20
  • Valued Contributor
  • 732 replies
  • March 12, 2014

I'm just commenting on the Ferret.

Its bossy.


Forum|alt.badge.img+20
  • Valued Contributor
  • 732 replies
  • March 12, 2014

I just looked through some terminal commands and none of them seem to coincide with Keychain so you might be stuck to Applescripting.


Forum|alt.badge.img+12
  • Author
  • Contributor
  • 11 replies
  • March 12, 2014

@mattlee, yes, ferrets rock. Thank you all for the help. I will have to go the applescript route.


Forum|alt.badge.img+12
  • Contributor
  • 417 replies
  • March 12, 2014

Keychain first aid only helps with the password for the keychain itself. It doesn't do anything for items inside the keychain.


Forum|alt.badge.img+18
  • Valued Contributor
  • 278 replies
  • March 13, 2014

Didn't @Andrina show a great example of this at JNUC this year. I think she published the script somewhere as well. http://www.youtube.com/watch?v=AzlWdrRc1rY&list=PLlxHm_Px-Ie01lK6FgfdXhk-YuByY6X27&index=15


Forum|alt.badge.img+12
  • Employee
  • 128 replies
  • March 13, 2014

I believe her script deletes the keychain and recreates it.

It too is nice to have available. If not for your users but for L1 techs.

https://github.com/andrina/JNUC2013/blob/master/Users%20Do%20Your%20Job/deleteAndcreateKeychain.sh


Forum|alt.badge.img+10
  • Contributor
  • 41 replies
  • March 19, 2015

Does Andrina's script require a restart after running?


stevewood
Forum|alt.badge.img+35
  • Employee
  • 1797 replies
  • March 19, 2015

@sardesm from what I've seen, yes, for maximum effectiveness a restart is required.


Forum|alt.badge.img+5
  • Contributor
  • 46 replies
  • March 24, 2015

@krichterjr -- I have read a few of your posts regarding Keychain repair and it's been quite helpful! However, I am currently stuck on how exactly to enable Script Editor for assistive devices. I have tried variations of this:

sqlite3 /Library/Application Support/com.apple.TCC/TCC.db "INSERT INTO access VALUES('kTCCServiceAccessibility','/Applications/Utilities/Script Editor',1,1,1,NULL)"

But so far I have not had luck (referencing http://work.chrisdietrich.de)...it's going to sound dumb but I don't know how to reference Script Editor in this sqlite logic... there is a com.apple.scripteditor or something that I cannot find?


Forum|alt.badge.img+12
  • Employee
  • 128 replies
  • March 25, 2015

@rseys I haven't touched this since I originally worked on it and I have actually changed jobs since. With that said, I remember having difficulty with this part as well. I think I ended up saving the script as an Application and then added that Application to the Accessibility db instead of just ScriptEditor.


Forum|alt.badge.img+12
  • Employee
  • 128 replies
  • March 25, 2015

@rseys I just tested this out and I believe this should work you. I made a couple of small changes to what you had and this appears to work fine on my machine running 10.10.2. Hope this helps!

sqlite3 /Library/Application Support/com.apple.TCC/TCC.db "INSERT INTO access VALUES('kTCCServiceAccessibility','com.apple.ScriptEditor2',0,1,1,NULL)"

Forum|alt.badge.img+5
  • Contributor
  • 46 replies
  • March 25, 2015

Worked like a champ! Thank you sir -- I wasn't quite sure how to find the Bundle Identifier (or that "Bundle Identifier" was what I was looking for specifically embarrassed). I looked at the contents of Script Editor and saw com.apple.scripteditor mentioned and assumed that was it.

Anyway, enjoy the new(?) role @krichterjr! I appreciate the assist


Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings