I'm trying to use the @keychain option with the -p switch in altool in order to load my iTunes Connect password from the keychain:
altool --validate-app -f "${IPA}" -u "redacted" -p "@keychain:?????"
I'm trying to figure out what I need to enter after @keychain:. Everything I try (path of the keychain file, name of the keychain entry, username in the keychain entry) produces the following error:
*** Error: The specified item could not be found in the keychain.
altool supplies the following info about the -p param:
-p, --password Password. Required if username specified. Password is read from stdin if one is not supplied.
May use @keychain: or @env: prefixes followed by the keychain or environment variable lookup name.
e.g. -p @env:SECRET which would use the value in the SECRET environment variable.
The correct usage is to enter the name of the keychain item (not the name of the keychain itself, and not the "Account" field for the keychain item).
My problem was actually related to access control. I had to edit the keychain item in Keychain Access and tweak the Access Control settings to allow altool to see the keychain item.