Adding a trusted cert to macOS keychain non-interactively

2022-12-10

Recently, I attempted to add a trusted certificate to the macOS keychain in a virtual machine running in a CI environment. Annoyingly enough, the build process failed because of an interactive prompt requesting my user password. It's frustrating that the -p flag is not available for this sub-command, especially since it is available for many of the other security sub-commands.

Nevertheless, there is a lesser-known workaround that has been circulating on the internet for some time now. I want to share it again to increase its visibility.

# Override the authorization right that guards trust-settings changes so no GUI password prompt appears
sudo security authorizationdb write com.apple.trust-settings.admin allow
# Add the certificate to the System keychain as a trusted root in the admin trust domain (-d)
sudo security add-trusted-cert -k /Library/Keychains/System.keychain -d -r trustRoot trusted.cert
# Remove the override so the default rule (and the prompt) is back in force
sudo security authorizationdb remove com.apple.trust-settings.admin

The above snippet temporarily rewrites the authorization right so that the GUI prompt is skipped, adds the cert, then immediately removes the override to restore the default rule. Although this is acceptable in my case (an ephemeral VM), you should know what you are doing: while the override is in place, any admin process can change trust settings without a prompt.
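As an added example that is not from the original post, here is the same workaround wrapped in a shell function that restores the authorization rule even when add-trusted-cert fails (so a broken CI job does not leave the prompt disabled) and then checks that the cert is actually trusted. The keychain path, right name and sub-commands come from the post; the function names, the verify-cert check and the example cert path are my assumptions.

```shell
#!/bin/sh
# Added example, not the post's own script. Requires macOS and sudo rights.
set -eu

RIGHT="com.apple.trust-settings.admin"
KEYCHAIN="/Library/Keychains/System.keychain"

# Install the certificate at "$1" as a trusted root without the GUI prompt.
# The "allow" override is removed again whether or not the import succeeds,
# and the exit status of add-trusted-cert is passed back to the caller.
install_trusted_cert() {
    cert_file="$1"
    status=0
    # Temporarily let admins change trust settings without a password prompt.
    sudo security authorizationdb write "$RIGHT" allow
    # "|| status=$?" stops set -e from aborting before the restore step runs.
    sudo security add-trusted-cert -k "$KEYCHAIN" -d -r trustRoot "$cert_file" \
        || status=$?
    # Put the default rule (and the prompt) back in force no matter what happened.
    sudo security authorizationdb remove "$RIGHT"
    return "$status"
}

# Exit non-zero if the system does not trust the certificate at "$1".
verify_trusted_cert() {
    security verify-cert -c "$1"
}

# Usage: ./add-trusted-cert.sh /path/to/trusted.cert  (path is an example)
if [ $# -gt 0 ]; then
    install_trusted_cert "$1"
    verify_trusted_cert "$1"
fi
```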

Do it at your own risk.