Skip to content

[FEATURE] keychain resource should be able to update an existing keychain's password #256

@aaronclarke

Description

@aaronclarke

Describe the feature

security_cmd library and keychain resource should be able to update an existing keychain's password

Describe the reasoning behind the feature

Currently the keychain resource can create and delete keychains, and it can lock a keychain, and it can unlock a keychain with a password. But there is currently no mechanism for updating the password for that keychain other than deleting it and creating a new one from scratch with whatever password you want.

Usefulness is somewhat debatable. For a machine completely managed by Chef, rebuilding a keychain from scratch should be no big deal as everything that gets put into the keychain should get automatically re-added assuming your recipes handle this situation. But it can still be a lot of wasted work for your machine.
For machines less managed by chef, throwing away a keychain can be quite disruptive. Certs need to be re-added, saved passwords are forgotten, apps forget your login status, utilities need to be re-granted permission to access the keychain, etc.

Potential implementation

This is functionality that the actual security command line utility can provide via security set-keychain-password ..., so this could be implemented by adding support for that command to security_cmd.rb

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions