From a0244b20a4964cf69980b25d977ee7d06048065e Mon Sep 17 00:00:00 2001
From: Scott Blake <945258+MScottBlake@users.noreply.github.com>
Date: Thu, 21 Aug 2025 16:13:15 -0400
Subject: [PATCH] Add keychain option to notarization_info

---
 README.md | 1 +
 munkipkg  | 7 +++++++
 2 files changed, 8 insertions(+)

diff --git a/README.md b/README.md
index 583c498..e8eff35 100644
--- a/README.md
+++ b/README.md
@@ -323,6 +323,7 @@ Keys/values of the `notarization_info` dictionary:
 | team_id           | String  | (see authentication) | The team identifier for the Developer Team, usually 10 alphanumeric characters |
 | password          | String  | (see authentication) | 2FA app specific password. |
 | keychain_profile  | String  | (see authentication) | App Store Connect API key issuer ID. |
+| keychain          | String  | No       | Keychain file containing `keychain_profile`. |
 | asc_provider      | String  | No       | Only needed when a user account is associated with multiple providers |
 | primary_bundle_id | String  | No       | Defaults to `identifier`. Whether specified or not underscore characters are always automatically converted to hyphens since Apple notary service does not like underscores |
 | staple_timeout    | Integer | No       | See paragraph bellow |
diff --git a/munkipkg b/munkipkg
index c1fe58a..5932c90 100755
--- a/munkipkg
+++ b/munkipkg
@@ -715,6 +715,13 @@ def add_authentication_options(cmd, build_info):
                 build_info['notarization_info']['keychain_profile']
             ]
         )
+        if 'keychain' in build_info['notarization_info']:
+            cmd.extend(
+                [
+                    '--keychain',
+                    build_info['notarization_info']['keychain']
+                ]
+            )
     else:
         raise MunkiPkgError(
             "apple_id + team_id + password or keychain_profile "