Thank you all for your responses. I am trying to add some trusted certificates to my keychain without prompting through Puppet. I decided to share my solution which might be useful for you or anybody else who reads this page. Using @dpotapov approach was a bit dangerous but the only way to make the automation possible, so I used the approach and did my stuff afterwards and removed the permissions in the end as follows sudo security authorizationdb write com.apple.trust-settings.admin allow ; Do your stuff here ; sudo security authorizationdb remove com.apple.trust-settings.admin To be exact, this is what I ran: security authorizationdb write com.apple.trust-settings.admin allow ; security add-trusted-cert -d -r trustAsRoot -p ssl -k "/Library/Keychains/System.keychain" /etc/ssl/ldap0.pem ; security authorizationdb remove com.apple.trust-settings.admin and the following command for a .crt file: security authorizationdb write com.apple.trust-settings.admin allow ; security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" /etc/ssl/mycert.crt ; security authorizationdb remove com.apple.trust-settings.admin @inakyMartinez hope this answered your question too in order to delete the permission you granted.