Here is the solution if anybody need it: security default-keychain -s "`echo ~`/Library/Keychains/login.keychain-db" Should work, make bash expand the tild and avoid bad security path management.

Damn this certificate thing is such a pain. Why can't they clearly state the need certificates and the missing or wrong one. Come on Apple this signing nightmare has to end one day. Be transparent and specific about the needed items required into the keychain and where to find them. Stop messing around. Or make a tool to recover them (why do I have to manually download public available certificate from your website?! what security does this add??? Why is having 2 certificates seem to be a nightmare and make it failed. Why if 2 provisioning for the same application only the first one is check. The automatic features is so broken, I cannot even understand how some make it work properly. I undertand some cie make a living to unmess this broken thing (fastlane...). Trying to make this work into a CI is such a pain. Even ssh user under Mac OS doesn't behave the same way as GUI user login to use those cecrtificate, I had to make extra steps that are so obscure I cannot believe I had to do this (locking the keychain before unlocking it, because if the gui user has it unlock, the same ssh user cannot access it and unlock will do nothing since it's already unlock!). Seriously, I wish the AppStore die and ***** win their cause, just because that signing process is such a pain, it run like a square wheel. The name C y d i a got masked above wow, seriously?? Talk about cheap censoreship!