Corrupted iCloud Keychain - Secure Notes Removed

I have encountered two separate but related issues.


1) Corrupted Keychain


I recently updated to Sonoma 14.1.1. As it was a point update, I was not paying a whole lot of attention. After the update was completed there was no obvious sign of a problem. I don't recall an iCloud reauthentication request soon after the update. I continued using my Mac for some time. I then shut down the Mac.


It was not until the next morning when I started the Mac that I was prompted to reauthenticate with iCloud.


Once I provided my login details, my Mac seemed fine generally, with one exception... The iCloud Keychain seems to have been corrupted somehow.


My regular passwords stored via Safari are fine as far as I can tell. However, the over 100 "Secure Notes" are mostly gone. I find these symptoms very odd, it to be entirely empty... not to show a few items. For those not familiar, Secure Notes are viewable and editable via the Secure Notes tab on the Keychain Access app for macOS.


I was hoping it was a local issue, so after much back and forth with Apple Support, I signed out and then back into iCloud. The problem persisted. It seems like the "bad" version of the data had also made its way to iCloud. This is a big problem for me as I intentionally did not store certain passwords in the keychain accessible via Safari (security reasons). Instead I stored these records only within the secured notes...


Apple support claim that the iCloud service has no ability for them to recover any kind of point-in-time backup (even for small files like keychain).


I am assuming that this experience of a corrupted iCloud caused by an update is rare, or maybe just not enough people have reported it yet if it is 14.1.1 specific.


This leads me to the second problem...






2) An accessible Time Machine Backup of an iCloud synced Keychain does not seem possible


Disclaimer: Due to the frankly disappointing lack of knowledge from Apple Support staff I spoke to about this issue, I cannot confidently state that the following is true... but it seems like this problem is a design problem or lack of relevant features, not a bug.


If you click the "Passwords and Keychain" checkbox found in System Settings > iCloud, your Keychain becomes synced to the iCloud. There is also some kind of local copy, as Keychain data remains accessible even with the internet inactive (I can view a secure note for example). Perhaps this local copy is the item that got corrupted and subsequently synced.


If you then attempt to create a Time Machine Backup of your Mac, it seems that Time Machine does not store files to the backup in a way that the user can then restore the Keychain in macOS to an earlier point in time (to fix a corruption problem for example).


With the guidance of Level 2 Apple Support (via screen sharing), I deactivated iCloud Sync before attempting to perform a restore of the Keychain files that were present on Time Machine backup – but was unable to import the files into the Keychain Access app. All Keychain files were greyed out / not selectable when I attempted to import into Keychain Access.


The assumption seems to be "if it is stored in iCloud it is immune to any problems".


Maybe a restore might work if you were restoring an entire system to the same device, but certainly not by attempting to use the individual files. If, like me, you have not performed a Time Machine backup for a while and only want to restore the Keychain File (like you would any other kind of file), that's a problem.


If true, this is a potential danger to anyone who expects to be able to restore an iCloud synced keychain. If I had known this, I would probably have been using 1Password for the last several years.


To make matters worse – I believe that this is also a known issue – as the Apple Support staff referred to an internal document that essentially says "you can't restore".


I would like to know how many other people have encountered this issue... if I am wrong, I would love to hear from Apple (or even other community members) how this is possible to do. 4 calls and a visit to the Apple Store later, my conclusion is that this is not possible generally (not just in my specific case).

Mac Studio, macOS 14.1

Posted on Nov 21, 2023 11:42 PM


6 replies

Nov 25, 2023 10:06 AM in response to Bruce Abel

Difficult to know. The Secure Notes weren't used often. Certainly, in a short period, they've been lost at some stage.


I've now gone as far as re-installing Ventura, copying the Keychain from a time immediately after the Secure Notes were created and then trying to access. Still not there unfortunately.


I'm out of ideas. But I do know that I now can't rely on Apple for the preservation of some important information within the Keychain system.

Jan 22, 2024 8:26 AM in response to Bruce Abel

I also have corrupted usernames and passwords on many stored credentials, not all.

Thankfully, I use a secondary key storage. I'm glad I did so as Apple is apparently unreliable.


All corrupted credentials are marked as having been modified on 05/08/2023. Not sure if this is May or August. It should be August.

I'm also not sure what I was doing this day. The date may be bogus anyway.


Of course, as it is synchronized with iCloud, all my devices now have the corrupted credentials.

May 7, 2024 6:15 AM in response to Bruce Abel

Same here.


I had a separate keychain named 'important' with all my secret notes and it was wiped out after I upgraded to Sonoma. The keychain is still visible in the Keychain Access app but it is empty and in the 'System Keychains' group (which prevents me from removing it). I was lucky to keep the keychain file in iCloud and was able to recover all my data.


