Is it possible to access and modify iCloud keychain from command line (or automation)?

I am very aware of how to access the keychain itself from the command line; what I seem to be unable to figure out, however, is whether I can access the iCloud keychain from the command line as well. Currently the only way I've been able to access it is via the Keychain Access tool.

The situation I'm trying to deal with is that I have a password that changes weekly, and I'm able to update the entry via the command line in the System keychain; however, the iCloud entry does not change. When I try to connect to the Wi-Fi network it seems to use the iCloud password and then throws an error if it doesn't match.

If I manually remove the iCloud keychain entry via Keychain Access it will use the System keychain password.

My hope was to automate the removal of the iCloud keychain entry via command line tools, or by manually editing some plist or something.

Any help is appreciated. Also, if there is some funky way to use AppleScript to do this, I'm all ears.


Solution 1:

iCloud Keychain is stored on disk in a different format than a traditional keychain (ref1, ref2). It's located at ~/Library/Keychains/ in a folder named as a long UUID. You can see the modified timestamp change on the contents of that folder as you change something in your iCloud keychain.

Whilst you can use AppleScript and Usable Keychain Scripting to work with the system and login keychains, there's no way to access the iCloud keychain.

So the only option you're left with is to AppleScript the GUI operation of the Keychain Access app.
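
The timestamp observation in the answer above can be checked from a shell. This is an added example, not part of the original answer: the function names are hypothetical, and it assumes the folder name has the usual 8-4-4-4-12 hex UUID shape. It only reports which files changed; it does not read or modify keychain entries.

```sh
#!/bin/sh
# Added example (not from the original answer). Function names are
# hypothetical; the base directory ~/Library/Keychains comes from the answer.

# Print each directory directly under $1 whose name looks like a UUID
# (assumed shape: 8-4-4-4-12 hex digits). login.keychain-db and other
# non-UUID entries are skipped.
uuid_keychain_dirs() {
    base=$1
    for d in "$base"/*/; do
        [ -d "$d" ] || continue
        name=$(basename "$d")
        if printf '%s\n' "$name" |
            grep -Eq '^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$'; then
            printf '%s\n' "${d%/}"
        fi
    done
}

# Print files inside those UUID-named directories that were modified
# more recently than the marker file $2.
changed_since() {
    base=$1
    marker=$2
    uuid_keychain_dirs "$base" | while IFS= read -r dir; do
        find "$dir" -type f -newer "$marker"
    done
}

# Typical use on a Mac:
#   touch /tmp/kc.marker
#   ...change or delete the iCloud item in Keychain Access...
#   changed_since "$HOME/Library/Keychains" /tmp/kc.marker
```

An empty result after an edit in Keychain Access means nothing under the UUID folder was rewritten since the marker was created.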