The System keychain should be in your search list by default. There’s no need to open it. Moreover, hard coding its path is less than ideal.
You can get a reference to the System keychain without such limitations with this code:
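    import Security

    func systemKeychain() -> SecKeychain? {
        // Ask for the search list of the system domain instead of opening a path.
        var searchListQ: CFArray? = nil
        let err = SecKeychainCopyDomainSearchList(.system, &searchListQ)
        guard err == errSecSuccess else {
            return nil
        }
        // On success the array is populated with SecKeychain references.
        let searchList = searchListQ! as! [SecKeychain]
        // The first entry in the system domain's list is the System keychain.
        return searchList.first
    }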
Still, there’s a bigger issue in play here. This isn't simply a case of SecKeychainOpen being deprecated. Rather, the deprecation of that API is the first step along a path to deprecate the whole concept of the file-based keychain. The data protection keychain is the way forward here. See On Mac Keychains for more background to this.
We have not fully deprecated the file-based keychain yet because there are still places where it’s your only option. You wrote:
Runs in root context, non sandboxed app
That is one place where you have to continue using the file-based keychain. Right now the data protection keychain is not available to launchd daemons and similar code.
We hope to resolve that issue in the future. If and when that happens, you may end up needing to revisit this code. However, we haven’t announced any concrete plans for this.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
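An added example, not part of the original post or Apple's code: one way a root daemon could use the keychain reference obtained above to scope a `SecItemCopyMatching` query to the System keychain only, returning item attributes rather than the secret itself. The error type, the function `systemKeychainAttributes(forService:)` and the service name `com.example.daemon` are hypothetical.

```swift
import Foundation
import Security

// Hypothetical error type for this example.
enum SystemKeychainError: Error {
    case searchList(OSStatus)   // could not read the system domain search list
    case noKeychain             // the list came back empty
    case query(OSStatus)        // SecItemCopyMatching failed
}

// Same lookup as in the post, but reporting why it failed instead of returning nil.
func systemKeychain() throws -> SecKeychain {
    var searchListQ: CFArray? = nil
    let err = SecKeychainCopyDomainSearchList(.system, &searchListQ)
    guard err == errSecSuccess else { throw SystemKeychainError.searchList(err) }
    guard let keychain = (searchListQ! as! [SecKeychain]).first else {
        throw SystemKeychainError.noKeychain
    }
    return keychain
}

// Look up a generic password item by service name, searching only the
// System keychain. Returns the item's attributes, or nil if there is no match.
func systemKeychainAttributes(forService service: String) throws -> [String: Any]? {
    let keychain = try systemKeychain()
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecMatchSearchList as String: [keychain],   // restrict the search scope
        kSecMatchLimit as String: kSecMatchLimitOne,
        kSecReturnAttributes as String: true,        // metadata only, no secret data
    ]
    var result: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &result)
    switch status {
    case errSecSuccess: return result as? [String: Any]
    case errSecItemNotFound: return nil
    default: throw SystemKeychainError.query(status)
    }
}

do {
    // "com.example.daemon" is a constructed service name.
    if let attrs = try systemKeychainAttributes(forService: "com.example.daemon") {
        print("found item, account:", attrs[kSecAttrAccount as String] ?? "<none>")
    } else { print("no matching item in the System keychain") }
} catch { print("keychain error:", error) }
```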