diff --git a/.github/workflows/build-macos.yml b/.github/workflows/build-macos.yml
index 6aa643f..bd870e2 100644
--- a/.github/workflows/build-macos.yml
+++ b/.github/workflows/build-macos.yml
@@ -23,21 +23,27 @@ jobs:
         run: npm install
         working-directory: simpliplay
 
+      - name: Create a temporary keychain
+        run: |
+          security create-keychain -p "" build.keychain
+          security list-keychains -s build.keychain login.keychain-db
+          security unlock-keychain -p "" build.keychain
+
       - name: Import macOS certificate
         env:
           CERT_P12_BASE64: ${{ secrets.MAC_CERTIFICATE_P12 }}
           CERT_PASSWORD: ${{ secrets.MAC_CERTIFICATE_PASSWORD }}
         run: |
-          echo "$CERT_P12_BASE64" | base64 -D > cert.p12
-          security import cert.p12 -k ~/Library/Keychains/login.keychain-db -P "$CERT_PASSWORD" -T /usr/bin/codesign
-          security set-key-partition-list -S apple-tool:,apple: -s -k "" ~/Library/Keychains/login.keychain-db
+          echo "$CERT_P12_BASE64" | base64 --decode > cert.p12
+          security import cert.p12 -k build.keychain -P "$CERT_PASSWORD" -T /usr/bin/codesign
+          security set-key-partition-list -S apple-tool:,apple: -s -k "" build.keychain
 
       - name: Build macOS
         env:
           CSC_IDENTITY_AUTO_DISCOVERY: false
-          CSC_KEYCHAIN: login.keychain-db
-          CSC_NAME: "Anirudh Sevugan"
-          CSC_LINK: ${{ secrets.MAC_CERTIFICATE_PASSWORD }}
+          CSC_KEYCHAIN: build.keychain
+          CSC_NAME: "Anirudh Sevugan" # <-- Make sure this matches exactly your cert's CN
+          CSC_KEY_PASSWORD: ${{ secrets.MAC_CERTIFICATE_PASSWORD }}
         run: npx electron-builder --mac --x64 --arm64 --universal
         working-directory: simpliplay
 
@@ -46,3 +52,8 @@ jobs:
         with:
           name: builds
           path: simpliplay/dist/*.dmg
+
+      - name: Delete temporary keychain
+        if: always()
+        run: |
+          security delete-keychain build.keychain