-
Notifications
You must be signed in to change notification settings - Fork 51
Description
Describe the feature
security_cmd library and keychain resource should be able to update an existing keychain's password
Describe the reasoning behind the feature
Currently the keychain resource can create and delete keychains, and it can lock a keychain, and it can unlock a keychain with a password. But there is currently no mechanism for updating the password for that keychain other than deleting it and creating a new one from scratch with whatever password you want.
Usefulness is somewhat debatable. For a machine completely managed by Chef, rebuilding a keychain from scratch should be no big deal as everything that gets put into the keychain should get automatically re-added assuming your recipes handle this situation. But it can still be a lot of wasted work for your machine.
For machines less managed by chef, throwing away a keychain can be quite disruptive. Certs need to be re-added, saved passwords are forgotten, apps forget your login status, utilities need to be re-granted permission to access the keychain, etc.
Potential implementation
This is functionality that the actual security
command line utility can provide via security set-keychain-password ...
, so this could be implemented by adding support for that command to security_cmd.rb