Signed-off-by: Matt Bruce <mbrucedogs@gmail.com>

2026-01-14 12:38:11 -06:00 · 2026-01-14 12:38:11 -06:00 · 974d67571e
commit 974d67571e
parent 2b3834b3c1
1 changed files with 11 additions and 7 deletions
--- a/Sources/LocalData/Services/KeychainHelper.swift
+++ b/Sources/LocalData/Services/KeychainHelper.swift
@ -45,13 +45,17 @@ actor KeychainHelper {
        let status = SecItemAdd(addQuery as CFDictionary, nil)
        
        if status == errSecDuplicateItem {
-            // Item exists, update it
-            let updateStatus = SecItemUpdate(
-                query as CFDictionary,
-                [kSecValueData as String: data] as CFDictionary
-            )
-            if updateStatus != errSecSuccess {
-                throw StorageError.keychainError(updateStatus)
+            // Item exists - delete and re-add to update both data and security attributes.
+            // SecItemUpdate cannot change accessibility or access control, so we must
+            // delete the existing item and add a new one with the desired attributes.
+            let deleteStatus = SecItemDelete(query as CFDictionary)
+            if deleteStatus != errSecSuccess && deleteStatus != errSecItemNotFound {
+                throw StorageError.keychainError(deleteStatus)
+            }
+            
+            let readdStatus = SecItemAdd(addQuery as CFDictionary, nil)
+            if readdStatus != errSecSuccess {
+                throw StorageError.keychainError(readdStatus)
            }
        } else if status != errSecSuccess {
            throw StorageError.keychainError(status)