Code Signing from Script Debugger without entering my password?

I have my Apple Developer Certificate in keychain and code signing turned on for exports from Script Debugger.

But every time I do an export, it asks me to enter my username and password to access the system keychain - not once, but 4 times per export.

That’s annoying enough… but we have batch export scripts that deploy an entire git repository branch of out Applescripts to a test environment. It’s 185 scripts. When run, now that code signing is turned on, it asks me to enter my username and password 740 consecutive times when that script is run. It’s also constantly stealing focus as it goes.

I tried deleting my Apple Developer Certificates from the System keychain and installing them in my user keychain - I figured this would solve the login problem. I removed the system copies and quit and restarted Script Debugger. No dice… signing still works, but it still asks for the username and password 4 times per script.

Any suggestions?



People have had success solving other privacy-related issues by deleting SD from the various Security & Privacy panes in System Preferences, deleting any previous versions of SD, rebooting, and trying again.

Can you try a test and see if it happens using SD Notary too? Just export without signing, and either Sign Only or Notarize.

Well, after needing to go off to work on other things, I’ve gotten back to this.

I tried deleting Script Debugger from every section where it occurred in
System Preferences → Security and Privacy
Then re-adding it, but that didn’t change things, it still wants the password 4 times per signing.

I got SD Notary setup… it’s better, it only wants the password twice per signing :expressionless:

Any other ideas what I can try? I’ve been googling and found some things to try, but no luck yet.

There are posts about problems like this from having various certificates in the wrong level of keychain. I see three possible related certificates in this chain:

And then there are three relevant keychains:

but it’s unclear to me what certificates are supposed to be where… I’ve got

In “login” and then

is in both:

The two copies of that may be the issue, but it’s unclear to me where it’s supposed to go…

After more searching, it appeared to me that “Developer ID Certification Authority” is supposed to be in “System Roots,” so I deleted the other copy out of “Login,” and I still get the same problem.

I found it!

My developer certificates were missing an associated private key in the keychain.

FYI, keychain’s UI here is terrible… the “Category” column on the left side-pane, one would expect to simply refine the list of items on the right based on category… in fact, for certificates, it changes the UI to give a carrot to drop down and view keys associated with certificates only when you click on “Certificates” on the left… otherwise you can view the same certificate and it will NOT show a carrot and associated keys.

Anyway, I was missing my associated keys. I had another developer click “certificates,” carrot down, shift-click to select both the cert and the key, then right-click and export as a p12 file, then I imported those to my keychain, deleted my original copy of the cert without the key. I also clicked on each associated key, switched to the “Access Control” tab, and choose “Allow all applications to access this item.”

Problem solved.

Here’s the Stack Overflow post I finally found that led me to this solution: