add-generic-password [-h] [-a account] [-s service] [-w password] [options...] [keychain]
Add a generic password item.
-a account Specify account name (required)
-c creator Specify item creator (optional four-character code)
-C type Specify item type (optional four-character code)
-D kind Specify kind (default is "application password")
-G value Specify generic attribute value (optional)
-j comment Specify comment string (optional)
-l label Specify label (if omitted, service name is used as default label)
-s service Specify service name (required)
-p password Specify password to be added (legacy option, equivalent to -w)
-w password Specify password to be added
-A Allow any application to access this item without warning (insecure, not recommended!)
mended!)
-T appPath Specify an application which may access this item (multiple -T options are
allowed)
-U Update item if it already exists (if omitted, the item cannot already exist)
By default, the application which creates an item is trusted to access its data without warning.
You can remove this default access by explicitly specifying an empty app pathname: -T "". If no
keychain is specified, the password is added to the default keychain.
add-internet-password [-h] [-a account] [-s server] [-w password] [options...] [keychain]
Add an internet password item.
-a account Specify account name (required)
-c creator Specify item creator (optional four-character code)
-C type Specify item type (optional four-character code)
-d domain Specify security domain string (optional)
-D kind Specify kind (default is "application password")
-j comment Specify comment string (optional)
-l label Specify label (if omitted, service name is used as default label)
-p path Specify path string (optional)
-P port Specify port number (optional)
-r protocol Specify protocol (optional four-character SecProtocolType, e.g. "http", "ftp ")
-s server Specify server name (required)
-t authenticationType
Specify authentication type (as a four-character SecAuthenticationType, default
is "dflt")
-w password Specify password to be added
-A Allow any application to access this item without warning (insecure, not recommended!)
mended!)
-T appPath Specify an application which may access this item (multiple -T options are
allowed)
-U Update item if it already exists (if omitted, the item cannot already exist)
By default, the application which creates an item is trusted to access its data without warning.
You can remove this default access by explicitly specifying an empty app pathname: -T "". If no
keychain is specified, the password is added to the default keychain.
add-certificates [-h] [-k keychain] file...
Add certficates contained in the specified files to the default keychain. The files must contain
one DER encoded X509 certificate each.
-k keychain Use keychain rather than the default keychain.
“Security is mostly a superstition. It does not exist in nature, nor do the children of men as a whole experience it. Avoiding danger is no safer in the long run than outright exposure. Life is either a daring adventure, or nothing” ~ Helen Keller
Related macOS commands:
security - Administer Keychains, keys, certificates and the Security framework.