This is the command I use, but must migrate, to notarize a macOS app:
xcrun altool --notarize-app -f "$outputDmg" --primary-bundle-id "$notarizeBundleId" -u "$notarizeUser" -p "@keychain:AC_PASSWORD"
The migration docs I read implied that the following should work:
xcrun notarytool submit --apple-id "$notarizeUser" "--team-id" $notarizeTeam --password "@keychain:AC_PASSWORD" "$outputDmg"
But it doesn't. I can get it to work only if I put the password from the keychain on the command line. I cannot accept this.
What can I do to make this work?
I should mention the fact that I can display the password in the keychain if I execute this: security find-generic-password -w -s 'AC_PASSWORD' -a "$notarizeUser"
And I should mention that I'm using an app-specific password and that I've been using altool this way for years.
Here is a link to the migration doc I cited: TN3147: Migrating to the latest notarization tool | Apple Developer Documentation?changes=_3_3