Hi
The PIV-<> keychain is a PIN-protected keychain which secures the use of smartcard credential. Because of this, the keystore is not able to retrieve it unless it is unlocked. It will be similar to get certificates from system keychain as it is allowed only for users with admin privilege.
You can go to the idea exchange to raise the idea so we will understand the need for this kind of use case: http://community.centrify.com/t5/Centrify-Idea-Exchange/idb-p/Centrify-Idea-Exchange
Also, you may want to take a look at derived credential feature in Centrify SaaS product which should be doing the same you wished: https://docs.centrify.com/en/centrify/adminref/index.html?version=1495753737#page/cloudhelp%2FderivedCreds.html
Best Regards,
Albert