Enable macOS Terminal secure keyboard entry to prevent keystroke logging and keystroke interception
This Automox Worklet™ enables Secure Keyboard Entry for the console user on macOS endpoints. Secure Keyboard Entry is a built-in macOS Terminal security feature that isolates keyboard input from other processes, preventing local applications and network-based keyloggers from detecting what is typed into Terminal.
The Worklet reads the current Secure Keyboard Entry status for the active user's Terminal application by querying the Terminal defaults database. If Secure Keyboard Entry is disabled, the Worklet enables it using the defaults write command with the SecureKeyboardEntry preference set to true.
Malicious applications with accessibility permissions can capture keyboard input in macOS Terminal sessions. Keyloggers and spyware use these accessibility APIs to record passwords, command-line credentials, SSH keys, and other sensitive data entered by administrators. This information allows attackers to escalate privileges and move laterally through your environment.
Secure keyboard entry prevents other applications from monitoring what users type in Terminal windows. When enabled, macOS blocks all keyboard event monitoring for Terminal sessions, protecting sensitive data like database passwords, API keys, and encryption passphrases that administrators frequently enter at the command line.
Evaluation phase: The Worklet identifies the currently logged-in console user and queries the Terminal application defaults database to check the current value of SecureKeyboardEntry. If the value is 0 (disabled), the evaluation fails and the Worklet proceeds to remediation.
Remediation phase: The Worklet writes SecureKeyboardEntry as a boolean true value to the Terminal application defaults for the console user, enabling Secure Keyboard Entry immediately.
macOS 10.7 (Lion) or later
Must run as the console user (automatically detected)
RunNow compatible for immediate execution
No additional macOS security permissions required beyond standard user defaults access
After remediation, Terminal.app blocks external applications from monitoring keyboard input. Administrators can continue using Terminal normally while their keystrokes remain protected from accessibility-based keyboard capture. The secure keyboard entry setting persists across reboots and user sessions.
You can verify the configuration by checking Terminal preferences or reviewing Worklet output in the Automox console. The setting activates immediately upon remediation, protecting all subsequent Terminal sessions from keyboard monitoring attempts.Secure Keyboard Entry checkbox is enabled.
Run this Worklet on a pilot macOS endpoint and review evaluation output for enable secure keyboard entry.
Confirm Automox activity logs show successful completion and exit code 0.
Verify endpoint state using checks aligned to evaluation script logic, such as exit.
Validate remediation effects from script operations such as sudo, else, exit, then rerun evaluation for compliance.
For technical validation, compare endpoint state to the Worklet evaluation logic and remediation flow for enable secure keyboard entry. This supports repeatable security workflows, faster change control review, and auditable compliance evidence.
Useful script references for this Worklet include evaluation operations such as exit and remediation operations such as sudo, else, exit. Use these indicators to verify that endpoint changes match intended policy outcomes.


By submitting this form you agree to our Master Services Agreement and Privacy Policy.
Already have an account? Log in
Consider Worklets your easy button
A Worklet is an automation script, written in Bash or PowerShell, designed for seamless execution on endpoints – at scale – within the Automox platform. Worklet automation scripts perform configuration, remediation, and the installation or removal of applications and settings across Windows, macOS, and Linux.

AUTOMOX + WORKLETS™
Uncover new possibilities with simple, powerful automation.
By submitting this form you agree to our Master Services Agreement and Privacy Policy