iCloud Keychain database grows when 2-factor enabled

I'm seeing a problem with iCloud Keychain in macOS 10.13.x where, when 2-factor authentication is enabled for the account, the local database file grows to somewhere between 300-500MB. When this happens, features such as Safari password autofill stops working, and syncing of things like wireless networks becomes unreliable.

In the console, there are many entries such as the following:


ready to process an incoming queue entry: <CKKSIncomingQueueEntry(Manatee): add A7DAEE48-7BCA-74C4-CDBA-13E9F724B18E (new)> A7DAEE48-7BCA-74C4-CDBA-13E9F724B18E add


inserted <inet,rowid=22269,cdat=2018-04-08 00:18:34 +0000,mdat=2018-04-08 00:18:34 +0000,desc=null,icmt=null,crtr=null,type=42,scrp=null,labl=PCS com.apple.textinput.KeyboardServices.Secure2 - phlLY6Fz,alis=null,invi=1,nega=null,cusi=null,prot=null,acct=phlLY6Fz44xNr0kY0Fn5LbRt+RTxRi/sPOLaokqOUFA=,sdmn=ProtectedCloudStorage,srvr=176150634,ptcl=0,atyp=BA06BB6C4A7811231BE5DF0F62AB47910DEA9D86,port=0,path=,data=0b15:070000000AA4070A...|f0a998edcb087992,agrp=com.apple.ProtectedCloudStorage,pdmn=ck,sync=1,tomb=0,sha1=D7E84BBC23AFC63D228BE01A47C1974D47B2004A,vwht=Manatee,tkid=null,v_Data=<?>,v_pk=820AAC4860864475A8D0CF116DFAC908B7AB4419,accc=null,u_Tomb=null,musr=,UUID=A7DAEE48-7BCA-74C4-CDBA-13E9F724B18E,sysb=null,pcss=42,pcsk=A6194B63A173E38C4DAF4918D059F92DB46DF914F1462FEC3CE2DAA24A8E5050,pcsi=6181FB3081F802012A0201010420A6194B63A173E38C4DAF4918D059F92DB46DF914F1462FEC3CE2DAA24A8E5050A0673065300A02010304053003020100302702010604220420ED39C3A3C18754DDA1AB02850DDFB11C71E214A3A4661EB9C3BA45CBEBFD4E96302E020101042930


This process will continue writing around 30000 lines to the database, and during this time, secd uses 100%+ of a CPU. Once that's finished, I can manually edit the database using an Sqlite editor, which brings the database down to around 10-15MB, and Safari passwords will resume working. Eventually the database will grow again and Keychain stops working.


Signing all devices out of iCloud Keychain does not clear this problem. Computers running 10.11.6 and 10.12.6 work normally, so the problem seems to stem from some new feature in iOS 11 and macOS 10.13.

Apple's phone support did not offer any suggestions. Does anyone know what "Manatee" is, and how I might resolve this problem?