Reply to Keychain error -25308
I found a reproducible case of this same error while using aws-vault over a remote SSH session into a MacBook:

    ssh mymacbook.local aws-vault exec ${AWS_CONFIG_PROFILE_NAME_HERE} -- ${SOME_AWS_COMMAND_HERE}

This opens a local browser page to AWS SSO auth. I'm able to use VNC to remotely connect to the active display and click to approve the session in the browser window. Then the command returns the following error:

    Opening the SSO authorization page in your default browser (use Ctrl-C to abort)
    https://device.sso.us-east-1.amazonaws.com/?user_code=XXXX-XXXX
    aws-vault: error: exec: Failed to get credentials for ${AWS_CONFIG_PROFILE_NAME_HERE}: User interaction is not allowed. (-25308)

This same command works perfectly fine when run locally & directly using the MacBook's keyboard & screen. The -25308 error code and message are 100% reproducible when trying this command over a remotely connected SSH terminal session. I have checked that the login keychain is shown as unlocked in the Keychain Access app. I've also tried running:

    security unlock-keychain "${HOME}/Library/Keychains/login.keychain-db"

in the remote SSH terminal. Seems like this may have something to do with some other hidden macOS security settings that prevent aws-vault (or other apps, such as the VPN app the OP mentions) from working over a remotely started terminal session?
Topic: Privacy & Security, SubTopic: General
May ’22
Reply to Keychain error -25308
I checked the system logs while running the aws-vault command to reproduce the error, and sure enough securityd is logging some errors about code signing while aws-vault tries to perform keychain operations:

    2022-05-03 16:52:03.461873-0600 0xab0f62  Activity  0xc55614  11605  0  aws-vault: (Security) SecKeychainOpen
    2022-05-03 16:52:03.462417-0600 0xab0f62  Activity  0xc55615  11605  0  aws-vault: (Security) SecKeychainOpen
    2022-05-03 16:52:03.462836-0600 0xab0f62  Error     0x0       11605  0  aws-vault: (libsqlite3.dylib) [com.apple.libsqlite3:logging-persist] cannot open file at line 45530 of [9ff244ce07]
    2022-05-03 16:52:03.462872-0600 0xab0f62  Error     0x0       11605  0  aws-vault: (libsqlite3.dylib) [com.apple.libsqlite3:logging-persist] os_unix.c:45530: (2) open(/var/db/DetachedSignatures) - No such file or directory
    2022-05-03 16:52:03.465167-0600 0xab0f62  Activity  0xc55616  11605  0  aws-vault: (Security) SecTrustEvaluateIfNecessary
    2022-05-03 16:52:03.467640-0600 0xab0f62  Activity  0xc55617  11605  0  aws-vault: (Security) SecTrustSettingsXPCRead
    2022-05-03 16:52:03.467809-0600 0xab0d8e  Activity  0xc54f18  634    0  trustd: (libsystem_info.dylib) Membership API: translate identifier
    2022-05-03 16:52:03.468701-0600 0xab0f62  Activity  0xc55618  11605  0  aws-vault: (Security) SecKeychainAddCallback
    2022-05-03 16:52:03.468819-0600 0xab0f62  Activity  0xc55619  11605  0  aws-vault: (Security) SecTrustSettingsXPCRead
    2022-05-03 16:52:03.474920-0600 0xab0f62  Activity  0xc5561a  11605  0  aws-vault: (Security) SecTrustEvaluateIfNecessary
    2022-05-03 16:52:03.480998-0600 0xab0f62  Activity  0xc5561b  11605  0  aws-vault: (Security) SecItemAdd
    2022-05-03 16:52:03.481988-0600 0xab0a65  Default   0x0       364    0  securityd: [com.apple.securityd:clientid] code requirement check failed (-67050), client is not Apple-signed
    2022-05-03 16:52:03.483018-0600 0xd3b     Default   0x0       364    0  securityd: [com.apple.securityd:KCdb] 0x13626c430(0x13636d7c0) unlocking for makeUnlocked()
    2022-05-03 16:52:03.483068-0600 0xd3b     Default   0x0       364    0  securityd: [com.apple.securityd:SecurityAgentConnection] new SecurityAgentConnection(0x16b4eea30)
    2022-05-03 16:52:03.483099-0600 0xd3b     Default   0x0       364    0  securityd: [com.apple.securityd:SecurityAgentXPCQuery] new SecurityAgentXPCQuery(0x16b4eea30)
    2022-05-03 16:52:03.483417-0600 0xd3b     Default   0x0       364    0  securityd: [com.apple.securityd:clientid] code requirement check failed (-67050), client is not Apple-signed
    2022-05-03 16:52:03.483455-0600 0xd3b     Default   0x0       364    0  securityd: [com.apple.securityd:SecurityAgentConnection] activate(0x16b4eea30)
    2022-05-03 16:52:03.483517-0600 0xd3b     Default   0x0       364    0  securityd: (Security) [com.apple.securityd:security_exception] MacOS error: -25337
    2022-05-03 16:52:03.483823-0600 0xd3b     Default   0x0       364    0  securityd: [com.apple.securityd:security_exception] CSSM Exception: 224 unknown error 224=e0
    2022-05-03 16:52:03.483940-0600 0xd3b     Default   0x0       364    0  securityd: [com.apple.securityd:SecurityAgentXPCQuery] SecurityAgentXPCQuery(0x16b4eea30) dying
    2022-05-03 16:52:03.484082-0600 0xab0f62  Default   0xc5561b  11605  0  aws-vault: (Security) [com.apple.securityd:security_exception] CSSM Exception: -2147415840 CSSMERR_CSP_NO_USER_INTERACTION
    2022-05-03 16:52:03.483972-0600 0xd3b     Default   0x0       364    0  securityd: [com.apple.securityd:SecurityAgentConnection] SecurityAgentConnection(0x16b4eea30) dying
    2022-05-03 16:52:03.484158-0600 0xab0f62  Default   0xc5561b  11605  0  aws-vault: (Security) [com.apple.securityd:security_exception] CSSM Exception: -2147415840 CSSMERR_CSP_NO_USER_INTERACTION
    2022-05-03 16:52:03.484829-0600 0xab0b71  Error     0x0       469    0  analyticsd: [com.apple.analyticsd:xpc] [XPC Server] managed connection recieved connection invalidated : Connection invalid
    2022-05-03 16:52:03.485589-0600 0x1058    Default   0x0       406    0  mDNSResponder: [com.apple.mDNSResponder:Default] [R185837] DNSServiceCreateConnection STOP PID[11605](aws-vault)
    2022-05-03 16:52:03.500952-0600 0xab1038  Default   0x0       0      0  kernel: arm64e_plugin_host: running binary "bash" in keys-off mode due to identity: com.apple.bash
    2022-05-03 16:52:03.505416-0600 0x12e1    Error     0x0       628    0  Google Chrome: (QuartzCore) [com.apple.coreanimation:API] cannot add handler to 4 from 4 - dropping
    2022-05-03 16:52:03.530880-0600 0xab1055  Default   0x0       0      0  kernel: arm64e_plugin_host: running binary "bash" in keys-off mode due to identity: com.apple.bash
    2022-05-03 16:52:03.536886-0600 0xab1059  Default   0x0       0      0  kernel: arm64e_plugin_host: running binary "bash" in keys-off mode due to identity: com.apple.bash

Seems like the final error reported by aws-vault is from this line:

    aws-vault: (Security) [com.apple.securityd:security_exception] CSSM Exception: -2147415840 CSSMERR_CSP_NO_USER_INTERACTION

Which was caused immediately by the securityd errors just before that:

    securityd: [com.apple.securityd:clientid] code requirement check failed (-67050), client is not Apple-signed
    securityd: (Security) [com.apple.securityd:security_exception] MacOS error: -25337
    securityd: [com.apple.securityd:security_exception] CSSM Exception: 224 unknown error 224=e0

This overall seems like an issue built into macOS, probably for security reasons that presume that all Keychain actions should be attached to an app that has an interactive GUI. Seems very similar to this issue reported on a terminal app using the keyring while under a screen or SSH session.
May ’22
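The chain this reply traces (securityd failing the code-requirement check on a client that would need a prompt, then the client itself logging CSSMERR_CSP_NO_USER_INTERACTION) can be pulled out of `log show` output mechanically, which is handy when triaging the same -25308 on other non-GUI sessions. This is an added example, not code from the post or from aws-vault; it assumes the column order visible in the quoted lines (date, time, thread, type, activity, pid, ttl, `process:` message) and embeds abridged copies of four of those records as a constructed sample.

```c
#include <stdio.h>
#include <string.h>

/* One `log show` record. Column order assumed from the lines quoted in the
 * post: date time thread type activity pid ttl process: message */
typedef struct { char type[16]; int pid; char proc[32]; const char *msg; } LogRec;

/* Parse one line; returns 1 on success, 0 if the line has another shape. */
static int parse_log_line(const char *line, LogRec *r) {
    int off = 0;
    if (sscanf(line, "%*s %*s %*s %15s %*s %d %*d %31[^:]: %n",
               r->type, &r->pid, r->proc, &off) < 3 || off == 0)
        return 0;
    r->msg = line + off;   /* message text, points into the caller's line */
    return 1;
}

/* Returns the PID of a client whose keychain request securityd turned away
 * for lack of a UI session, or 0 if that chain is absent: securityd logs
 * "code requirement check failed", then the client logs the CSSM error. */
static int find_no_ui_refusal(const char *const *lines, size_t n) {
    int securityd_refused = 0;
    for (size_t i = 0; i < n; i++) {
        LogRec r;
        if (!parse_log_line(lines[i], &r))
            continue;
        if (strcmp(r.proc, "securityd") == 0 &&
            strstr(r.msg, "code requirement check failed") != NULL)
            securityd_refused = 1;
        else if (securityd_refused &&
                 strstr(r.msg, "CSSMERR_CSP_NO_USER_INTERACTION") != NULL)
            return r.pid;
    }
    return 0;
}

/* Constructed sample: abridged copies of four records quoted in the post. */
static const char *const SAMPLE[] = {
    "2022-05-03 16:52:03.480998-0600 0xab0f62 Activity 0xc5561b 11605 0 aws-vault: (Security) SecItemAdd",
    "2022-05-03 16:52:03.481988-0600 0xab0a65 Default 0x0 364 0 securityd: [com.apple.securityd:clientid] code requirement check failed (-67050), client is not Apple-signed",
    "2022-05-03 16:52:03.483517-0600 0xd3b Default 0x0 364 0 securityd: (Security) [com.apple.securityd:security_exception] MacOS error: -25337",
    "2022-05-03 16:52:03.484082-0600 0xab0f62 Default 0xc5561b 11605 0 aws-vault: (Security) [com.apple.securityd:security_exception] CSSM Exception: -2147415840 CSSMERR_CSP_NO_USER_INTERACTION",
};
#define SAMPLE_N (sizeof SAMPLE / sizeof SAMPLE[0])

int main(void) {
    printf("client refused for lack of UI session: pid %d\n",
           find_no_ui_refusal(SAMPLE, SAMPLE_N));
    return 0;
}
```

A real run would feed it the lines of `log show --predicate 'process == "securityd" OR process == "aws-vault"'` captured around the failing command, instead of the embedded sample.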
Reply to My libSystem.B.dylib is missing from my mac
Quoting DTS Engineer (/thread/722360?answerId=757425022#757425022):

    In a C-based language arrays and pointers are (more or less :-) the same thing,

To be pedantic... This is a common misconception. The nuance here is that a static C array is effectively an allocated address on the stack. It is always just an address. This is because a typical array variable is statically allocated at compile time and its size is known beforehand based on the compiler parsing the language. The address of the first element is what the array is.

Meanwhile, a pointer is another type of variable. A pointer is effectively a space to store an address to something else. At compile time, the compiler knows the size of an address (on a particular machine architecture) and statically allocates a place on the stack to store the address of something else (the thing being pointed to). A pointer has its own address. The value stored in that place is also another address.

So, given the above, effectively a C array is not a pointer, although, due to the way that pointer arithmetic works, people often mistake the behavior of each to be similar. In fact, it turns out that the syntax to set an array element and the syntax to do the same via pointer arithmetic both result in the same machine code or assembly generated by the C compiler. The stride of an array is known from the type it contains, and therefore pointer arithmetic can be used on the address of an array to access or set its elements. It still does not change the fact that an array is literally the address of the first element. Meanwhile, a pointer is another place storing an address as its value.

Huw Collingbourne made a great video explaining this in detail here: https://www.youtube.com/watch?v=bFAO99USrYI

EDIT: I'm not sure how the above situations apply on Apple Silicon (aarch64/arm64) and how a compiler would allocate a large array on the stack when compiling to machine code on ARM. Huw's example is most definitely on Intel x86 architecture, and therefore the example disassembly is in Intel x86 assembly. It makes sense that changing to use malloc() and placing an array on the heap is working around the issue if something with stack-allocated large arrays is different on Apple Silicon.
Jan ’25
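The distinction the reply draws can be checked in working code: sizeof on the array object versus on the pointer a callee receives, the array's value being &arr[0], a pointer variable having an address of its own, arr[i] being *(arr + i) with the stride taken from the element type, and the malloc() variant the EDIT describes. This is an added example, not code from the reply or from the linked video; the function names are my own.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>

/* Inside a callee the "array" parameter is a pointer (int a[16] in a
 * parameter list means int *a), so sizeof sees the pointer, not 64 bytes. */
static size_t sizeof_in_callee(int *a) { return sizeof a; }

/* In the declaring scope the array object keeps its full size; passing it
 * on converts it to a pointer and that size is gone. */
static int decay_loses_size(void) {
    int arr[16] = {0};
    return sizeof arr == 16 * sizeof(int) && sizeof_in_callee(arr) == sizeof(int *);
}

/* The array's value is the address of its first element, so those two
 * expressions compare equal. A pointer variable is separate storage: its
 * own address (&p) differs from the address it holds (p). */
static int array_is_its_first_element(void) {
    int arr[4] = {10, 20, 30, 40};
    int *p = arr;                       /* arr converts ("decays") to &arr[0] */
    int same_address = (void *)arr == (void *)&arr[0] && p == arr;
    int pointer_has_own_storage = (void *)&p != (void *)p;
    return same_address && pointer_has_own_storage;
}

/* arr[i] is defined as *(arr + i); the stride comes from sizeof(int),
 * which is why the compiler emits the same code for both spellings. */
static int subscript_equals_arithmetic(void) {
    int arr[4] = {10, 20, 30, 40};
    int *p = arr;
    int ok = 1;
    for (size_t i = 0; i < 4; i++)
        ok = ok && arr[i] == *(p + i) && &arr[i] == p + i &&
             (uintptr_t)(p + i) - (uintptr_t)p == i * sizeof(int);
    return ok;
}

/* The EDIT's workaround: same element layout, but the storage is on the
 * heap and only the pointer lives in this function's stack frame. */
static long sum_heap_array(size_t n) {
    int *heap = malloc(n * sizeof *heap);
    if (heap == NULL) return -1;
    long sum = 0;
    for (size_t i = 0; i < n; i++) { heap[i] = (int)i; sum += heap[i]; }
    free(heap);
    return sum;
}

int main(void) {
    printf("%d %d %d %ld\n", decay_loses_size(), array_is_its_first_element(),
           subscript_equals_arithmetic(), sum_heap_array(100));
    return 0;
}
```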