We have a Developer ID app that has been functioning normally for well over 10 years, we store the username and password of their account to the local Keychain very simply:
NSURLCredential *credential = nil; NSURLProtectionSpace *space = [[NSURLProtectionSpace alloc] initWithHost:[myUrl host] port:[[myUrl port] integerValue] protocol:[myUrl scheme] realm:nil authenticationMethod:NSURLAuthenticationMethodHTMLForm]; credential = [[NSURLCredential alloc] initWithUser:[self userid] password:[self password] persistence:NSURLCredentialPersistencePermanent]; [[NSURLCredentialStorage sharedCredentialStorage] setCredential:credential forProtectionSpace:space];
We've been able to reproduce on 10.15 machines that after some amount of time, and especially after system sleep, the keychain item simply dissappears. It's not just that the app can't access it, it simply is gone from Keychain Access entirely. In fact if you leave Keychain Access open, then wake the system from sleep, you can literally see the item dissappear before your eyes if that window is in the foreground.
Note that the app can launch/quit/launch/quit many times and read back the item (so no permission problem), but then "randomly" the item will just dissappear, doesn't matter if the app is running or not. I thought maybe the underlying implementation changed on Catalina to support the new iOS-style Keychain and we don't have a provisioning profile or anything, so I re-wrote the code to first use SecItemAdd, same problem, then the ancient SecKeychainAddInternetPassword API, still dissappears.
I even had it dirty the keychain item (by re-setting the password data and then seeing the date modified change in Keychain Access) each launch time to see if it was somehow getting stale (though I don't know how), doesn't make a difference.
This only happens on 10.15, so I'm not sure what else to try. Any idea why an Internet Password Keychain item would just be removed from the system? My test account does have iCloud Keychain turned on, but this dissappearing entry is only being written to/read from the "login" Keychain and shouldn't be affected by syncing. Especially when using SecKeychainAddInternetPassword is used.