notarytool can't get password from keychain like altool does

Question

This is the command I use, but must migrate, to notarize a macOS app:

xcrun altool --notarize-app -f "$outputDmg" --primary-bundle-id "$notarizeBundleId" -u "$notarizeUser" -p "@keychain:AC_PASSWORD"

The migration docs I read implied that the following should work:

xcrun notarytool submit --apple-id "$notarizeUser" "--team-id" $notarizeTeam --password "@keychain:AC_PASSWORD" "$outputDmg"

But it doesn't. I can get it to work only if I put the password from the keychain on the command line. I cannot accept this.

What can I do to make this work?

Notarization

528

Posted by

yhnfc

Reply

I should mention the fact that I can display the password in the keychain if I execute this: security find-generic-password -w -s 'AC_PASSWORD' -a "$notarizeUser"

—
yhnfc
And I should mention that I'm using an app-specific password and that I've been using altool this way for years.

—
yhnfc
Here is a link to the migration doc I cited: TN3147: Migrating to the latest notarization tool | Apple Developer Documentation?changes=_3_3

—
yhnfc

Add a Comment

Answer 1

Looks like I have to jump through some hoops to store the password a different way and then add the --keychain-profile AC_PASSWORD option on the command line. Not at all happy as this provides me with no apparent benefit. Just lots of change. Thanks for nothin.

Posted by

yhnfc

Add a Comment

notarytool can't get password from keychain like altool does

Replies