The opinions expressed on this blog are purely mine

Adding a trusted cert to macOS keychain non-interactively


Recently, I attempted to add a trusted certificate to the macOS keychain in a Virtual Machine that was running in a CI environment. Annoyingly enough the build process failed, due to an interactive prompt requesting my user password. It's frustrating that the -p flag is not available for this sub-command, especially since it is commonly used in many of the other commands.

Nevertheless, there is a lesser-known workaround that has been circulating on the internet for some time now. I want to share it again to increase its visibility.

sudo security authorizationdb write allow
sudo security add-trusted-cert -k /Library/Keychains/System.keychain -d -r trustRoot trusted.cert
sudo security authorizationdb remove

The above snippet demonstrates how to temporarily disable and bypass the GUI prompt, add the cert, then immediately restore the safety feature. Altough it is an OK thing to do in my case (in an ephemeral VM), but you should know what you are doing.

Do it at your own risk.