Maccy Enterprise Mac Deployment — Homebrew, Jamf & MDM Guide
Maccy is MIT-licensed, Apple-signed, and deployable via Homebrew. Zero per-seat cost. Here is a complete guide to deploying Maccy across enterprise Macs using Jamf Pro, Munki, Ansible, or any MDM that supports shell commands.
Summary. Maccy deploys silently via brew install --cask maccy in Jamf Pro, Munki, or any MDM that runs shell commands. The binary is Apple-signed and notarised — no additional trust configuration needed. Pre-configure settings via defaults write com.p0deje.Maccy commands, push them in your MDM, and Maccy is ready on first launch with your organisation's defaults.
Why teams choose Maccy for enterprise deployment
Most clipboard managers for macOS are distributed through the App Store or require account-based licencing — neither of which scales cleanly to hundreds of Macs. Maccy is different:
- MIT licence — no per-seat fees, no volume pricing, unlimited deployment
- Homebrew Cask — standard package manager integration, scriptable, version-locked if needed
- Signed and notarised — Apple-notarised binary passes Gatekeeper on all Macs without manual trust
- No network dependency — works fully offline after installation, no runtime licence checks
- Open source — security teams can audit the code before approving deployment
Installation methods for enterprise
Method 1: Homebrew Cask (recommended)
The cleanest deployment path. Add to your Brewfile or run as a shell command:
brew install --cask maccy
This downloads the latest signed binary, verifies it, and installs it to /Applications. No interaction required.
Method 2: Direct .dmg via script
If Homebrew is not available in your environment:
curl -sL "https://github.com/p0deje/Maccy/releases/latest/download/Maccy.dmg" -o /tmp/Maccy.dmg
hdiutil attach /tmp/Maccy.dmg -nobrowse -quiet
cp -R "/Volumes/Maccy/Maccy.app" /Applications/
hdiutil detach "/Volumes/Maccy" -quiet
rm /tmp/Maccy.dmg
Method 3: Jamf Pro
In Jamf, create a Policy with a Script payload containing:
#!/bin/bash
/usr/local/bin/brew install --cask maccy 2>&1 | logger -t JamfMaccy
exit 0
Scope to your target Smart Group and set Trigger to “Enrollment Complete” or a recurring check-in. Maccy will be installed silently on first check-in for targeted Macs.
Pre-configuring Maccy via defaults
Maccy stores all preferences in the macOS defaults system under com.p0deje.Maccy. Push these before or after deployment using defaults write commands in your provisioning script:
# History size (default 200; max 999999)
defaults write com.p0deje.Maccy historySize -int 2000
# Auto-paste on selection (without pressing Return)
defaults write com.p0deje.Maccy pasteByDefault -bool true
# Keep history across restarts
defaults write com.p0deje.Maccy clearOnQuit -bool false
# Ignore specific bundle IDs (separate with commas)
defaults write com.p0deje.Maccy ignoredApps -array "com.1password.1password" "com.bitwarden.desktop" "com.dashlane.Dashlane" "com.google.Chrome.incognito"
# Suppress the welcome screen on first launch
defaults write com.p0deje.Maccy showInStatusBar -bool true
These commands can be embedded directly in your Jamf policy script, your Ansible playbook, or your Munki's postinstall_script.
Granting Accessibility permission at scale
Maccy requires Accessibility permission to paste items into other apps. On managed Macs, you can pre-grant this permission via a Privacy Preferences Policy Control (PPPC) profile pushed through your MDM:
<!-- Add to your MDM PPPC configuration profile -->
<dict>
<key>Identifier</key>
<string>com.p0deje.Maccy</string>
<key>IdentifierType</key>
<string>bundleID</string>
<key>CodeRequirement</key>
<string>anchor apple generic and identifier "com.p0deje.Maccy"
and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */
or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */
and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */
and certificate leaf[subject.OU] = "F572BNV5RF")</string>
<key>Accessibility</key>
<string>Allow</string>
</dict>
The team ID F572BNV5RF is Maccy's Apple Developer signing identity. Push this profile via Jamf, Mosyle, Kandji, or any MDM that supports PPPC payloads.
Keeping Maccy updated at scale
Via Homebrew: brew upgrade --cask maccy can be run as a recurring policy. Lock to a specific version with brew install --cask [email protected] if you need version-controlled rollouts.
Enterprise questions
Does Maccy need a licence key for enterprise use?
No. The MIT licence permits unlimited installation and commercial use with no licence keys, no seats, and no volume agreements. You can install Maccy on every Mac in your organisation today.
Is Maccy HIPAA or SOC 2 compliant?
Maccy stores clipboard data locally on the device only, sends no telemetry, and requires no network connection. This architecture is compatible with most compliance frameworks. Consult your compliance team for a formal assessment; the open-source code is available for review at github.com/p0deje/Maccy.
What happens if an employee disables Maccy?
Maccy is a user-space utility, not an agent. Users can quit it or uninstall it. If persistent presence is required (for example, ensuring clipboard history is always active for audit purposes), that is a policy decision to be enforced via MDM configuration management.
Can I configure Maccy to ignore Slack or Microsoft Teams?
Yes. Add the bundle IDs to the ignoredApps defaults key: com.tinyspeck.slackmacgap for Slack and com.microsoft.teams2 for Teams. This prevents messages copied in those apps from entering the clipboard history.