Setting up macOS Keychain clients

The Code Sign Manager - Self-Hosted client for macOS includes the capability to integrate with macOS Keychain. Keychain integration allows code signing certificates to reside in the macOS native Keychain store, yet have the associated private keys hosted, managed, and protected by Code Sign Manager - Self-Hosted.

Keychain integration is installed as part of the Code Sign Manager - Self-Hosted client on macOS. Configuration and management of the CyberArk Keychain driver is done using the tkdriverconfig command line utility. In addition, there is a status menu that provides an additional method to sync certificates.

Keychain integration supports both uploading existing certificates and issuing new certificates. Both methods are documented in this section.

Before getting started, you'll need a few things in place:

• A Code Sign Manager - Self-Hosted project. See Creating Code Sign Manager - Self-Hosted Projects for steps on setting up a project.
• The Code Sign Manager - Self-Hosted client installed on macOS code signing workstations, with the Keychain integration component installed. See Install Code Sign Clients on signing workstations for installation instructions.
• The URL to the Trust Protection Foundation server and the user credentials for the identity being set up as the Key User.

Once initial setup is done, use the pages in this section to configure Keychain integration.