Unable to unlock the keychain

Question

Building a new Jenkins for an iOS app CI story. I created a keychain named build in KeyChainAccess to hold the dev certificate.

I set a password for the keychain. On Jenkins, Manage Jenkins --> Keychains and Provisioning Profiles Management -> choose the build.keychain file and upload.

I filled in the password (the same as what I set earlier). I filled in the certificate (by copy the common name of the certificate info in KeyChain access).

I created a Jenkins job using the Keychain and Code Signing Identity, filled in the password. But when I build the project by Jenkins, it throw the following error in Console Output:

[ProjectName] $ /usr/bin/security unlock-keychain -p ********    /Users/Shared/Jenkins/Home/jobs/JobName/workspace/build.keychain
security: SecKeychainUnlock /Users/Shared/Jenkins/Home/jobs/JobName/workspace/build.keychain: The user name or passphrase you entered is not correct.

FATAL: Unable to unlock the keychain.

I checked the password, I can unlock the build keychain in KeyChain Access using the password. I am not sure what username it asks for, Jenkins?

Answer 1

[thanks to Yuriy Vinogradov for their original source of this answer]

If you happen to be getting the "Unable to unlock the keychain" error in an IntelliJ product (ex: IDEA, DataGrip...), maybe in relation to a database, optional IntelliJ KeePass configuration might be a solution in that context.

For example (in IDEA 2023.1.1): Preferences -> Appearance & Behavior -> System Settings -> Passwords -> In KeePass

*Note - the KeePass option details that:

Stored using weak encryption. It is recommended to store on encrypted volume for additional security.

Answer 2

I had a similar problem running unlock-keychain from jenkins after upgrading to Mojave.

It was caused by the default keychain being set incorrectly.

I used security default-keychain -s <name> to change the default back to the jenkins user's login keychain.

Answer 3

In my Mac, got a similar issue for unlock keychain command command.

• I have just quit the terminal(all tabs)
• Quit the keychain
• Reopened the keychain -> unlocked and locked the keychains couple of times manually.
• Then I executed the command, it worked! Surprising..

One more hint, got this issue after upgrading macOS from Sierra to High Sierra.

Answer 4

It's been a long time since you asked this question but I think it's worth it to answer it!

The output error The username or passphrase you entered is not correct. can be caused by several things but one of the common errors is a wrong keychain path.

To solve it the first thing you need to be sure is that your keychain was created and get its correct path. Run the following command in your console:

security list-keychains

The output should return all the keychains you have, something like this:

    "/Users/jenkins/Library/Keychains/login.keychain-db"
    "/Library/Keychains/System.keychain"

If your build keychain is not there something were wrong during its creation and you need to create it again. In case you keychain is the above list you need to copy the path where the keychain is located.

If for some reason the name of your keychain is duplicated in that list be sure to remove the duplicated keychains running the following command:

security list-keychains -s pathOfTheKeychainDuplicated

Then with the path and the password of the user with access to this keychain you can unlock it using the following command:

security unlock-keychain -p ****** /Users/jenkins/Library/Keychains/login.keychain-db

In the above command, the path should be the one of your build keychain

I hope this helps you.