Storing AppStoreConnect ApiKey to keychain failing

I am running Xcode 15.3. I have downloaded an app ApiKey that I am attempting to store in my keychain. I have an M3 Mac and running Sonoma 14.4.1.

From the command line I run xcrun notarytool store-credentials which prompts me to enter Profile name, Path to App Store Connect API private key, App Store Connect API Key ID, and App Store Connect API Issuer ID. I provide this info and only get the following:

Validating your credentials...

zsh: trace trap xcrun notarytool store-credentials

I am stuck here and need to resolve this. Any suggestions?

Answered by gulevich in 787940022

Generate a new Team API Key, set "Developer" permission on it, and use that for notarization.

This error happens when the provided API Key is unauthenticated. This kind of error is handled incorrectly in Notary API REST (a plain text response is produced instead of JSON).

The problem is compounded by the undocumented fact that Personal API Keys are not eligible for the Notary API and one has to use a Team API Key with "Developer" permission for notarization.

Running the above command with the --verbose option, I get this:

Validating your credentials...
[16:39:00.503Z] Info [API] Initialized Notary API with base URL: https://appstoreconnect.apple.com/notary/v2/
[16:39:00.505Z] Info [API] Preparing GET request to URL: https://appstoreconnect.apple.com/notary/v2/test?, Parameters: [:], Custom Headers: private<Dictionary<String, String>>
[16:39:00.505Z] Debug [JWT] Generating new JWT for key ID: ...
zsh: trace trap  xcrun notarytool store-credentials --verbose

Running above command w/ --verbose option gives:

Validating your credentials...
[16:48:55.556Z] Info [API] Initialized Notary API with base URL: https://appstoreconnect.apple.com/notary/v2/
[16:48:55.557Z] Info [API] Preparing GET request to URL: https://appstoreconnect.apple.com/notary/v2/test?, Parameters: [:], Custom Headers: private<Dictionary<String, String>>
[16:48:55.558Z] Debug [JWT] Generating new JWT for key ID: ...
zsh: trace trap xcrun notarytool store-credentials --verbose

Did you find a workaround? I am getting the same issue.

@mammouth2727 Unfortunately I have not...

Thank you @gulevich. I was using an Individual Key that I generated from the People tab of Users and Access. Based on your response I found Team Keys under the Integrations tab. I generated a Team Key, downloaded it, and was then able to run xcrun notarytool store-credentials using that key.
