I'm doing a remote/automated build[1] of my xcode projects[2] and in order to sign my apps I add this line before the build.
security unlock-keychain -p keychainpassword
This works fine, and unlocks the SYSTEM keychains where the certifcates are stored, but it's exposing the password for the user which the build agent is running on in the team-city interface for all to see.
The build process is running as a logged in user, and is self-contained... is there a way I can unlock the system/default keychain without providing the password?
I've just had a thought, what if I moved the certificates into the login's keychain (instead of system), would I still have to unlock it with a password?
Is this possible at all? Or should I setup a user which cannot do any damage and just build and do nothing else and expose that user's password..
[1] Using Teamcity, but irrelevant.
[2] IPhone projects, but again irrelevant.