User Profile

Having you thought about dropping persistent references entirely. Internet password keychain items are uniquely identified by a set of attributes I don't think this particular approach will work for me without some sort of data duplication. The scenario is database login details. A user may well change every attribute if they were to move to another server with a new username, password, port and database name. There isn't any constant attribute besides the label.The idea was I would store the persistent reference in UserDefaults and retrieve that and get the details from the keychain when the application is launched. To do that without a persistent reference, I would have to copy everything (except the password) and store those. I suppose not too much of an issue. There's other issues that follow however: I would also have to store the old set of attributes when performing an update since any or all of the attributes could be changed in this update operation. So I'd search on the old values and update with the new attributes. It's all doable, but not very clean which I thought persistent references would have been a good answer for.I suppose I could abuse an attribute and make kSecAttrSecurityDomain a UUID or something - but that's a bit of a hack it feels. Alternatively, you could use those attributes to refetch the persistent reference after the update. This approach will be cleaner than the above since I don't need to store an extra data in the application to do this. I think this is the workaround I'll try out. I can just re-use the array I'm putting into SecItemUpdate in the follow up query to get the new persistent reference. Oh, and you should definitely file a bug against the shim. Done: FB7431827Ultimately though, if fixed it will probably not be backported to earlier macOS versions at this stage. And when I'm in the position to drop support for older macOS versions, I'll probably be moving to use kSecUseDataProtectionKeychain anyway, as per the official guidance.

It seems not. After setting kSecAttrSynchronizable, the problem does not happen.As much as I'd like to use kSecUseDataProtectionKeychain, unfortunately I still need to support 10.14 and syncing with iCloud is less than ideal.