I have a command-line process which calls an API and fetches tokens from the keychain. When I run this process standalone, with or without sudo, from the terminal, it is able to access the keychain entries. Now I have converted it into a launch daemon, and when I execute it as a launch daemon it is not able to access the token and gives me the error "Failed to read stored item from keychain (status: -25308)". I am using the plist below to create the launch daemon.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>TestAuth_SilentDaemon</string>
    <key>Program</key>
    <string>*complete path of TestAuth_SilentDaemon*</string>
    <key>KeepAlive</key>
    <true/>
    <key>SessionCreate</key>
    <true/>
    <key>UserName</key>
    <string>admin</string>
</dict>
</plist>
Can someone please suggest what I am missing here?
It seems like it could be connected to errSecInteractionNotAllowed. Error -25308 is errSecInteractionNotAllowed. This usually means that you’re trying to access a keychain item that’s not accessible while the device is locked. It's mostly described as an iOS issue, but the MS docs also say that:
Check out that answer: https://stackoverflow.com/a/9735506/1595293
Based on the post: