I wrote a Keychain controller that add, delete and fetch keychain items using SecItemAdd(_:_:)and related APIs with data protection keychain enabled (kSecUseDataProtectionKeychain). I am using it in a macOS Cocoa app.
I am using Swift Testing to write my tests to ensure that the controller works as expected.
As I understand, I should create my own keychain for testing rather than use the actual keychain in macOS. Currently, I created a separate keychain group (e.g. com.testcompany.testapp.shared) and added it to myapp.entitlements file so that the tests pass without failing because of the missing entitlement file.
SecKeychainCreate(_:_:_:_:_:_:) and SecKeychainDelete(_:) API are deprecated with no alternative provided in the documentation. I noticed SecKeychain class but documentation doesn't explain much about it.
How should I test my keychain controller properly so that it does not use the actual macOS keychain, which is the "production" keychain?
I should create my own keychain for testing rather than use the actual keychain in macOS.
That’s not feasible if you’re using the data protection keychain. There is only one of those (per device on iOS and its simulators, per user on the Mac).
However, the nice thing about the data protection keychain is that you only have access to, and thus can only mess up, the keychain items in your keychain access groups [1]. Thus, it’s much less common to run into weird problems.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
[1] As defined by the entitlements listed in Sharing access to keychain items among a collection of apps.