latest

internal/secret/keychainunlock.go

@@ -396,7 +396,7 @@ func CreateKeychainUnlockKey(fs afero.Fs, stateDir string) (*KeychainUnlockKey,
 
 // checkMacOSAvailable verifies that we're running on macOS and security command is available
 func checkMacOSAvailable() error {
-	cmd := exec.Command("security", "help")
+	cmd := exec.Command("/usr/bin/security", "help")
 	if err := cmd.Run(); err != nil {
 		return fmt.Errorf("macOS security command not available: %w (keychain unlock keys are only supported on macOS)", err)
 	}
@@ -405,7 +405,7 @@ func checkMacOSAvailable() error {
 
 // storeInKeychain stores data in the macOS keychain using the security command
 func storeInKeychain(itemName string, data []byte) error {
-	cmd := exec.Command("security", "add-generic-password",
+	cmd := exec.Command("/usr/bin/security", "add-generic-password",
 		"-a", itemName,
 		"-s", itemName,
 		"-w", string(data),
@@ -420,7 +420,7 @@ func storeInKeychain(itemName string, data []byte) error {
 
 // retrieveFromKeychain retrieves data from the macOS keychain using the security command
 func retrieveFromKeychain(itemName string) ([]byte, error) {
-	cmd := exec.Command("security", "find-generic-password",
+	cmd := exec.Command("/usr/bin/security", "find-generic-password",
 		"-a", itemName,
 		"-s", itemName,
 		"-w") // Return password only
@@ -440,7 +440,7 @@ func retrieveFromKeychain(itemName string) ([]byte, error) {
 
 // deleteFromKeychain removes an item from the macOS keychain using the security command
 func deleteFromKeychain(itemName string) error {
-	cmd := exec.Command("security", "delete-generic-password",
+	cmd := exec.Command("/usr/bin/security", "delete-generic-password",
 		"-a", itemName,
 		"-s", itemName)