Setting up macOS Keychain clients

The CodeSign Protect client for macOS includes the capability to integrate with macOS Keychain. Keychain integration allows code signing certificates to reside in the macOS native Keychain store, yet have the associated private keys hosted, managed, and protected by CodeSign Protect.

Keychain integration is installed as part of the CodeSign Protect client on macOS. Configuration and management of the Venafi Keychain driver is done using the tkdriverconfig command line utility. In addition, there is a status menu that provides an additional method to sync certificates.

Keychain integration supports both uploading existing certificates and issuing new certificates. Both methods are documented in this section.

Before getting started, you'll need a few things in place:

• A CodeSign Protect project. See Creating CodeSign Protect Projects for steps on setting up a project.
• The CodeSign Protect client installed on macOS code signing workstations, with the Keychain integration component installed. See Install CodeSign Protect Clients on signing workstations for installation instructions.
• The URL to the Trust Protection Platform server and the user credentials for the identity being set up as the Key User.

Once initial setup is done, use the pages in this section to configure Keychain integration.