keychain initialize --path=$(mktmp) fails keychain initialize --path=$(mktmp).keychain-db works
keychain initialize --path=$(mktmp) fails keychain initialize --path=$(mktmp).keychain-db works. It is a bit irritating for me that I explicitly need to end the path on .keychain-db and that I can't just provide a path.
Hi @mmattes. The problem with
keychain create --path=$(mktemp)
is that mktemp already creates a new file:
10:29:52 priit@groundhog T file $(mktemp)
/var/folders/vs/tcrc5cns67zgynxt6fssjdg80000gn/T/tmp.lQk3HVgs: empty
It is a safeguard by security (command line interface to keychains, which is used under the hood) to prohibit overwriting already existing keychains as secrets could be erased accidentally this way.
Now, by passing $(mktemp).keychain-db to the --path argument you are essentially creating a new file at some path. However, this (existing) file is dismissed and another (non-existing) with suffix .keychain-db is used instead to create the new keychain.
An improvement to this on our end could be to introduce a new option -o / --overwrite-existing to keychain create and keychain initialize actions which would first remove the given file if it exists, and only then create the new keychain. What do you think about that?
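An added example, not part of the thread or of the project's code: one way to get a throwaway keychain path that does not exist yet, without the stray empty file that $(mktemp).keychain-db leaves behind. The function names and the build.keychain-db file name are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example. mktemp without -d creates the file itself, which is what
# trips the "do not overwrite an existing keychain" safeguard. Here we
# reserve a private directory instead and use a new file name inside it.

# Print a keychain path that is guaranteed not to exist yet.
new_keychain_path() {
    # mktemp -d creates the directory atomically, with mode 0700,
    # so no other local user can pre-create the keychain file in it.
    kc_dir=$(mktemp -d "${TMPDIR:-/tmp}/keychain.XXXXXX") || return 1
    kc_path="$kc_dir/build.keychain-db"   # file name is an arbitrary choice
    # Same rule as the tool's safeguard: never hand out an existing file.
    if [ -e "$kc_path" ]; then
        echo "refusing to use existing path: $kc_path" >&2
        return 1
    fi
    printf '%s\n' "$kc_path"
}

# Remove the temporary directory again, but only if the path has the
# shape produced by new_keychain_path, so a wrong argument deletes nothing.
cleanup_keychain_path() {
    case "$1" in
        */keychain.??????/build.keychain-db)
            rm -rf -- "$(dirname -- "$1")"
            ;;
        *)
            echo "unexpected path, not removing: $1" >&2
            return 1
            ;;
    esac
}

# Usage, with the keychain command discussed in this thread:
#   KEYCHAIN_PATH=$(new_keychain_path) || exit 1
#   keychain initialize --path="$KEYCHAIN_PATH"
#   ... build and sign ...
#   cleanup_keychain_path "$KEYCHAIN_PATH"
```
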