tl;dr: The title and/or can I even add a keychain entitlement to a CLI app?
I'm trying to store a generated private key and certificate properly in a CLI app. The call to SecItemAdd always results in an error with the message "A required entitlement isn't present."
I assume this is errSecMissingEntitlement, and its docs say it happens "when you specify an access group to which your app doesn’t belong".
But I'm not even specifying one. Here's a small excerpt (I know it's not an MVCE but the question is pretty general anyway):
    func storeCert(_ cert: Data) throws {
        let addQuery =
            [
                kSecClass: kSecClassCertificate,
                kSecValueRef: cert,
                kSecAttrLabel: CERT_USER_LABEL,
                kSecAttrApplicationLabel: CERT_APP_LABEL
            ] as [String: Any]
        let status = SecItemAdd(addQuery as CFDictionary, nil)
        guard status == errSecSuccess else {
            let msg = SecCopyErrorMessageString(status, nil) as String? ?? ""
            throw MyErr.generic(message: "Unable to store cert: \(msg)")
        }
    }
I can't add the keychain entitlement to my CLI target; it doesn't show as an option in the add capability window.
Disclaimer: I'm quite new to macOS / Apple development, so if there's something obvious I'm missing, my bad.