How to delete a keychain reference from command line

Solution 1

The delete-keychain command-line option to security deletes the keychain file and removes it from the search list of keychains. To just delete the reference of the keychain from the search list use list-keychains -s, rewriting the list while removing the one you want to disappear.

list-keychains vs. delete-keychain

At the command-line the references are handled by list-keychains and the database/keychain-file is handled by delete-keychain.

Usual workflow

# Get a list of user keychains, make a note of the names
security list-keychains -d user

# Create a new keychain
security create-keychain -p password MyNew.keychain

# Adjust the 'references' by rewriting the search list
security list-keychains -s MyNew.keychain <space separated list of other keychains>

# Delete the keychain
security delete-keychain MyNew.keychain
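The rewrite-the-search-list step above is the part people get wrong, so here is an added example (my own, not code from either answer) that does it as a small script: it reads the current user search list, drops one entry, and writes the rest back with `list-keychains -s`, leaving the keychain file on disk. It assumes macOS's `security(1)` for the live run; the function names `filter_search_list` and `unlist_keychain` and the sample paths are mine, and the filtering is plain POSIX shell so the dry run at the bottom works anywhere.

```shell
#!/bin/sh
# Added example, not part of either answer above. Rewrites the user keychain
# search list without one entry so the keychain file stays on disk.
# Assumes macOS's security(1) for the live run; the filtering itself is
# plain POSIX shell, so the dry run at the bottom works anywhere.

# filter_search_list TARGET
# Reads `security list-keychains -d user` output on stdin (one quoted,
# indented path per line) and prints every path except TARGET, unquoted.
# TARGET may be a full path or just the basename (e.g. MyNew.keychain-db).
filter_search_list() {
    target=$1
    sed -e 's/^[[:space:]]*//' -e 's/^"//' -e 's/"$//' |
    while IFS= read -r path; do
        [ -z "$path" ] && continue
        case "$path" in
            "$target"|*/"$target") ;;          # drop the entry to unlist
            *) printf '%s\n' "$path" ;;
        esac
    done
}

# unlist_keychain TARGET
# Live version: fetch the current user search list from security(1) and
# write it back with TARGET removed. Nothing is deleted from disk, so the
# keychain can be re-added later with `security list-keychains -d user -s`.
unlist_keychain() {
    target=$1
    if ! command -v security >/dev/null 2>&1; then
        echo "security(1) not found (not macOS?); search list unchanged" >&2
        return 1
    fi
    remaining=$(security list-keychains -d user | filter_search_list "$target")
    if [ -z "$remaining" ]; then
        echo "refusing to write an empty search list" >&2
        return 1
    fi
    # Split on newlines only, so paths containing spaces survive.
    old_ifs=$IFS
    IFS='
'
    set -f
    set -- $remaining
    set +f
    IFS=$old_ifs
    security list-keychains -d user -s "$@"
}

# Constructed sample of list-keychains output for an offline dry run
# (the paths are made up for this example).
SAMPLE='    "/Users/kevin/Library/Keychains/login.keychain-db"
    "/Users/kevin/Library/Keychains/MyNew.keychain-db"
    "/Library/Keychains/System.keychain"'

# Dry run: prints the two entries that would be written back.
printf '%s\n' "$SAMPLE" | filter_search_list MyNew.keychain-db
```

On a Mac, `unlist_keychain MyNew.keychain-db` applies the change for real; the dry run at the bottom only filters the constructed sample. Note the `-db` suffix in the sample names, which is what macOS Sierra and later use, so match on the name exactly as `list-keychains` prints it.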

Solution 2

You can delete the file directly using the rm command. The location will be one of the following, depending on whether the keychain is in the system domain or the user domain.

System domain keychain location

$ ls -l /Library/Keychains/
total 392
-rw-r--r--  1 root  wheel  20460 Aug 21  2014 ConnectedBackup.keychain
-rw-r--r--  1 root  wheel  23732 Aug 21  2014 FileVaultMaster.keychain
-rw-r--r--  1 root  wheel  89560 Sep 19 21:37 System.keychain
-rw-r--r--  1 root  wheel  20460 Nov 10  2014 System.keychain-orig

User domain keychain location

$ ls -l ~/Library/Keychains/
total 1392
drwx------  8 Kevin  1437522721     272 Jul  1  2015 386EC17D-8428-522E-B9DD-CE89C60F0F10
-rw-r--r--@ 1 Kevin  1437522721   40776 Jan 25  2016 Microsoft_Entity_Certificates
-rw-r--r--@ 1 Kevin  1437522721   34368 Jan 25  2016 Microsoft_Intermediate_Certificates
-rw-r--r--@ 1 Kevin  1437522721  513136 Sep 27 20:05 login.keychain
-rw-------  1 Kevin  1437522721   87552 Sep 28 16:59 metadata.keychain

So if you want to delete the login keychain from the user domain you would run

$ rm -rf ~/Library/Keychains/login.keychain

(The name of the keychain as it appears in the keychain utility is the filename without the .keychain suffix.)

EDIT

macOS Sierra and above use a -db extension.

Anubis

Updated on June 04, 2022

Comments

  • Anubis
    Anubis almost 2 years

    From the Keychain app I have the option to delete just the reference to a listed keychain that was unlocked and listed via the command line. But from the command line (man security) I don't seem to have this option, only the option to delete the file plus the reference to this keychain.

    How can I just remove a reference to a keychain I unlocked previously from the command line? I want to clean up and remove (unlist?) the keychain again after I performed some operations with it (because it remains visible in the Keychain app if not deleted).

  • Anubis
    Anubis over 7 years
    But I do not want to remove the file, just the reference!
  • JamesWebbTelescopeAlien
    JamesWebbTelescopeAlien over 7 years
    @anubis My assumption is that it is not possible. If you just want to remove reference then move files to some other location of your choice out of /Library/Keychains
  • Patrick D
    Patrick D over 6 years
    @Anubis that's also what I want. Deleting the keychain file and copying a new one with updated content (same file name, appstore.keychain) shows the old content! That's why I need a command that will either delete the references or refresh the content from the file on disk. If anyone knows how this works please tell us. Our iOS build farm of Mac minis is suffering an issue where the AppStore keychain downloaded from a secure location cannot be updated on the build machine due to having an old cert in the keychain. But when I do the exact same steps on a different set of Macs the content is updated.
  • Patrick D
    Patrick D over 6 years
    @PnotNP this did not work in my case. The Keychain Access app was able to delete the reference and the keychain file, but deleting the file with the rm command does not let me see new content when a keychain file with the same file and path name as the deleted one (deleted with rm) is copied into place. It shows in the Keychain Access app with the old expired cert. But a different Mac shows different results. Our build fleet Macs are on macOS 10.12.6 and get fresh reboots daily. If I have to log in to perform this action in the app on a farm of 50 Macs to delete the keychain I will be wasting a significant amount of time.
  • JamesWebbTelescopeAlien
    JamesWebbTelescopeAlien over 6 years
    @PatrickD "Remove reference" is just the Keychain utility's prerogative. On the file system there is no reference, just the same plain old files. Keychain is keeping the reference. Your problem seems to be somewhere else, not in the keychain itself.
  • JamesWebbTelescopeAlien
    JamesWebbTelescopeAlien over 6 years
    @PatrickD deleting with the rm command and then replacing with a new file will not work either, because the Keychain utility is smart enough to figure out what you just did. Your best bet is to create a new keychain, or just modify the content within the keychain and "refresh your apps" to use the new content.
  • Patrick D
    Patrick D over 6 years
    Thanks @PnotNP, there was another file, "appstore.keychain-db", which needed to be deleted. Apparently on macOS Sierra this is a new file that didn't exist in previous versions (El Capitan, Yosemite). Removing that -db file solved my issue!