search

fastlane-old / deliver

Upload screenshots, metadata and your app to the App Store using a single command
https://fastlane.tools
2.24k stars 162 forks source link

Request keychain access with specific signature #533

Closed cybertk closed 8 years ago

cybertk commented 8 years ago

Deliver can use the password stored in Keychain, however, it's requesting the credential with the signature of 'security', like this

screen shot 2016-01-08 at 11 11 30

The current mechanism of requesting credential from keychain is not safe in CI environment, we can not keep credential secret, i.e. user can get the password via

security find-internet-password -s deliver.developer.apple@example.com

So, it's better to use a specific signature while requesting credential from keychain, then we can make use of Keychain's Access Control to allow only deliver/fastlane to requesting credential

screen shot 2016-01-08 at 11 15 51
fastlane-bot commented 8 years ago

This issue was migrated to https://github.com/fastlane/fastlane/issues/1537. Please post all further comments there.

fastlane is now a mono repo, you can read more about the change in our blog post. All tools are now available in the fastlane main repo :rocket: