I'm doing a remote/automated build[1] of my Xcode projects[2] and in order to sign my apps, I add this line before the build.
security unlock-keychain -p keychainpassword
This works fine, and unlocks the SYSTEM keychains where the certificates are stored, but it's exposing the password for the user which the build agent is running on in the TeamCity interface for all to see.
The build process is running as a logged in user, and is self-contained... is there a way I can unlock the system/default keychain without providing the password?
I've just had a thought. What if I moved the certificates into the login's keychain (instead of system)? Would I still have to unlock it with a password?
Is this possible at all? Or should I set up a user which cannot do any damage and just build and do nothing else and expose that user's password?
[1] Using TeamCity, but irrelevant.
[2] iPhone projects, but again irrelevant.
If you don't remember your original password, you'll need to delete the keychain. Deleting a keychain also deletes all the password data saved in that keychain.
In the Keychain Access app on your Mac, choose Keychain Access > Preferences. Click Reset Default Keychains. Choose Apple menu > Log Out. When you log in again, save your current login password in a keychain.
You should be able to build with a regular (non-admin) user, and make that user have no password. Then, you can auto-login as that user on your build system.
Another alternative is to store the password in an environment variable, but that barely hides the password.
If you have a regular user with no password, and you add the certificates to the Login keychain, you should be able to build remotely / automatically / unattended with no issues, including code-signing.