From 974d67571e059d2f85944beb39b11ce6c209f45f Mon Sep 17 00:00:00 2001
From: Matt Bruce <mbrucedogs@gmail.com>
Date: Wed, 14 Jan 2026 12:38:11 -0600
Subject: [PATCH] Signed-off-by: Matt Bruce <mbrucedogs@gmail.com>

---
 .../LocalData/Services/KeychainHelper.swift    | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/Sources/LocalData/Services/KeychainHelper.swift b/Sources/LocalData/Services/KeychainHelper.swift
index 04976fa..af32940 100644
--- a/Sources/LocalData/Services/KeychainHelper.swift
+++ b/Sources/LocalData/Services/KeychainHelper.swift
@@ -45,13 +45,17 @@ actor KeychainHelper {
         let status = SecItemAdd(addQuery as CFDictionary, nil)
         
         if status == errSecDuplicateItem {
-            // Item exists, update it
-            let updateStatus = SecItemUpdate(
-                query as CFDictionary,
-                [kSecValueData as String: data] as CFDictionary
-            )
-            if updateStatus != errSecSuccess {
-                throw StorageError.keychainError(updateStatus)
+            // Item exists - delete and re-add to update both data and security attributes.
+            // SecItemUpdate cannot change accessibility or access control, so we must
+            // delete the existing item and add a new one with the desired attributes.
+            let deleteStatus = SecItemDelete(query as CFDictionary)
+            if deleteStatus != errSecSuccess && deleteStatus != errSecItemNotFound {
+                throw StorageError.keychainError(deleteStatus)
+            }
+            
+            let readdStatus = SecItemAdd(addQuery as CFDictionary, nil)
+            if readdStatus != errSecSuccess {
+                throw StorageError.keychainError(readdStatus)
             }
         } else if status != errSecSuccess {
             throw StorageError.keychainError(status)