Creating a temporary keychain for your build system

2 min readAug 8, 2021

I use fastlane and matcha lot. But sometimes it is just not cutting it when setting up build systems like GitHub Actions, Bitbucket or Gitlab Pipelines. In that case it can be helpful to create and manage your own keychain.

For example we experienced that productsignwas giving us a lot of trouble when using Github Actions. This is because for whatever reason productsignwanted to prompt the user to input a password for the private key. And this is not possible on a CI-system. Fastlane match should have set the keychain correctly but we was unable to get it to work.

This was driving me crazy, I tried everything — I even posted on StackOverflow but no one seemed to have been having this issue before.

https://stackoverflow.com/questions/68541016/github-actions-productsign-hangs

The solution was to create our own keychain and import our certificates directly to that one. When that is done, codesignand productsigncan read the certificates without any problems.

Variables

Before running any of the scripts you need to setup up a few environment variables.

MY_KEYCHAIN = "tmp-keychain"
MY_KEYCHAIN_PASSWORD = "temp1234"
CERT = "installer-id.p12"
CERT_PASSWORD = "test1234"
IDENTITY_CERTIFICATE = "Common name from $CERT"

Setup New Keychain

The following can simply be put into two shell scripts that you can execute before signing and when signing is complete.

# default again user login keychain
security list-keychains -d user -s login.keychain

# Create temp keychain
security create-keychain -p "$MY_KEYCHAIN_PASSWORD" "$MY_KEYCHAIN"

# Append temp keychain to the user domain
security list-keychains -d user -s "$MY_KEYCHAIN" $(security list-keychains -d user | sed s/\"//g)

# Remove relock timeout
security set-keychain-settings "$MY_KEYCHAIN"

# Unlock keychain
security unlock-keychain -p "$MY_KEYCHAIN_PASSWORD" "$MY_KEYCHAIN"

# Add certificate to keychain
security import $CERT -k "$MY_KEYCHAIN" -P "$CERT_PASSWORD" -A -T "/usr/bin/codesign" -T "/usr/bin/productsign"

# Enable codesigning from a non user interactive shell
security set-key-partition-list -S apple-tool:,apple:, -s -k $MY_KEYCHAIN_PASSWORD -D "${IDENTITY_CERTIFICATE}" -t private $MY_KEYCHAIN

Clean up

# Delete temporary keychain
security delete-keychain "$MY_KEYCHAIN"

# default again user login keychain
security list-keychains -d user -s login.keychain

Thats about it.

Continuous Integration

Written by Rasmus Styrk

46 Followers

I work as a software developer with years of experience within the field of web, apps and server architecture.

More from Rasmus Styrk

Build and Deploy your iOS app with Github Actions and Fastlane

Rasmus Styrk

Build and Deploy your iOS app with Github Actions and Fastlane

I wanted to use Github Actions to run my test and to deploy a new version to testflight. After 3 days of debuggning and using all my build…

7 min readJan 17, 2021

Using VIM for React, Rails & Node development

Rasmus Styrk

Using VIM for React, Rails & Node development

VIM is open source and free and works on any platform that you are going to do code on. Best of all it is very extendable, really fast and…

5 min readApr 11, 2021

Handle Apple Sign In on the server (Ruby on Rails)

Rasmus Styrk

Handle Apple Sign In on the server (Ruby on Rails)

I recently had to implement “Sign in with Apple” for one of our customers and at first glance it was pretty straight forward but when i…

2 min readNov 26, 2019

Rasmus Styrk

Migrate Fastlane to use Auth Keys

With the new requirement of having two factor authentication enabled on all apple id’s it is getting more frustrating to have CI upload…

4 min readApr 26, 2021

See all from Rasmus Styrk

Recommended from Medium

How to Add Sign In with Apple to Your Next.js Application Using NextAuth

Trived Kumar Jajala

How to Add Sign In with Apple to Your Next.js Application Using NextAuth

App Setup:

6 min readJul 8

Girish Muchalambe
in
Globant

Boost your Productivity: Integrate GitHub Copilot with Xcode

Are you tired of writing repetitive code and wish there was an easier way to generate it? Use GitHub Copilot, an AI-powered code suggestion…

6 min readMay 9

Lists

Staff Picks

454 stories297 saves

Stories to Help You Level-Up at Work

19 stories224 saves

Self-Improvement 101

20 stories601 saves

Productivity 101

20 stories558 saves

Adding Event to Google Calendar in iOS Swift

Sham Kumar

Adding Event to Google Calendar in iOS Swift

Let me tell you what causes me to write this article. I was developing an app in which I need to add functionality to add events in both…

5 min readJul 2

Build a CI/CD workflow with github Actions for your react-native application

Yuanji Zhai

Build a CI/CD workflow with github Actions for your react-native application

Time is money, make it automatically.

4 min readJul 4

Akash More
in
Simform Engineering

MapKit 🤝 SwiftUI in iOS 17

Implement MapKit APIs introduced at WWDC 2023 for SwiftUI with Xcode 15.

6 min read5 days ago

Gautam Sareriya

Prevent Screen Capture in iOS App

Have you ever wondered how we can prevent screenshot from iPhone app? Well, you are in a right document and we will be discussing the same.

5 min readJun 20

See more recommendations

Help
Status
Writers
Blog
Careers
Privacy
Terms
About
Text to speech
Teams