You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
security_cmd library and keychain resource should be able to update an existing keychain's password
Describe the reasoning behind the feature
Currently the keychain resource can create and delete keychains, and it can lock a keychain, and it can unlock a keychain with a password. But there is currently no mechanism for updating the password for that keychain other than deleting it and creating a new one from scratch with whatever password you want.
Usefulness is somewhat debatable. For a machine completely managed by Chef, rebuilding a keychain from scratch should be no big deal as everything that gets put into the keychain should get automatically re-added assuming your recipes handle this situation. But it can still be a lot of wasted work for your machine.
For machines less managed by chef, throwing away a keychain can be quite disruptive. Certs need to be re-added, saved passwords are forgotten, apps forget your login status, utilities need to be re-granted permission to access the keychain, etc.
Potential implementation
This is functionality that the actual security command line utility can provide via security set-keychain-password ..., so this could be implemented by adding support for that command to security_cmd.rb
The text was updated successfully, but these errors were encountered:
Describe the feature
security_cmd library and keychain resource should be able to update an existing keychain's password
Describe the reasoning behind the feature
Currently the keychain resource can create and delete keychains, and it can lock a keychain, and it can unlock a keychain with a password. But there is currently no mechanism for updating the password for that keychain other than deleting it and creating a new one from scratch with whatever password you want.
Usefulness is somewhat debatable. For a machine completely managed by Chef, rebuilding a keychain from scratch should be no big deal as everything that gets put into the keychain should get automatically re-added assuming your recipes handle this situation. But it can still be a lot of wasted work for your machine.
For machines less managed by chef, throwing away a keychain can be quite disruptive. Certs need to be re-added, saved passwords are forgotten, apps forget your login status, utilities need to be re-granted permission to access the keychain, etc.
Potential implementation
This is functionality that the actual
security
command line utility can provide viasecurity set-keychain-password ...
, so this could be implemented by adding support for that command tosecurity_cmd.rb
The text was updated successfully, but these errors were encountered: