Post

Replies

Boosts

Views

Activity

SecItem API and the future of file-based keychains
Referring to https://developer.apple.com/forums/thread/696431: The data protection keychain is only available in a user login context. You cannot use it, for example, from a launchd daemon. That's my scenario – I have a launchd privileged helper tool that needs access to keychain items (items that it creates and has exclusive access to, and items that may be required prior to user login). So this would appear to leave us with only one option – the System keychain. We can work with that (proof-of-concept shows that it works for us), but referencing the same forum post above: The file-based keychain is on the road to deprecation. So before I make a big migration to the System keychain, should I be concerned that the System keychain (being a file-based keychain) will go away in the future as well? If so, is there some other alternative that I should consider instead?
1
0
740
Nov ’22