Why are the passwords copied to the “Local Objects” keychain after using AutoFill? What is “Local Objects” after all


I am thinking about using Keychain to store all my passwords, but am hesitant as I do not seem to fully understand how Keychain works.

I created a new keychain holding login credentials for some websites. Using Safari, I made use of the AutoFill feature, granting access to the keychain.

Now the credentials that have been used for AutoFill have been copied to a keychain called "Local Objects".

  1. What is this Local Objects keychain and why are my passwords copied into it?
  2. Why are they already entries in the keychain belonging to Apple (like com.apple.account.SMTP.asynchost) – is this related to Keychain being deeply integrated into macOS?
  3. Does this have any negative security implications, or: Should I care about this behavior?

Best Answer

To my knowledge, this is to put anything that can be synced with iCloud Keychain in a separate keychain. It is still technically part of the login.keychain, but kind of "partitioned" away in case you turn on iCloud Keychain and start syncing these items.

A lot of computer specific things are kept separate in the main login.keychain because having those show up on another Mac/iOS Device would cause it to misbehave since it is a physically different machine.

This is just based on my observation of macOS keychain. It only only started doing this when iCloud Keychain was introduced, and all the items in this second keychain will appear on other Macs and iOS Devices if iCloud Keychain is turned on. This second keychain changes it's name to "iCloud" when iCloud Keychain is enabled.