How do I copy the "Local Items" keychain over to a new Mac?

mj_

macrumors 6502a
Original poster
May 18, 2017
603
309
Austin, TX
Due to the keyboard trouble with my 2016 MBP I've had to purchase a 2015 MBP and restore it from my latest 2016 MBP 10.13.2 Time Machine backup. Most things went well but I realized that pretty much all of my Safari logins are missing. After some research I found out that they are all saved in the "Local Items" keychain on my old Mac, and that has apparently not been included in the backup. I've tried these steps but the "Local Items" keychain is not included: https://support.apple.com/kb/PH20120?locale=en_US

Exporting these items isn't possible since the menu item is greyed out for "Local Items" entries. Thus, I can see no way of exporting this keychain, the only way I found was copy & paste the items into another keychain. However, that would require me to type in my password for each and every item - 335x in total.

I've also tried this: https://apple.stackexchange.com/questions/219519/how-to-copy-the-local-items-keychain-to-a-new-mac
But, as soon as I set a blank password the "Local Items" keychain on the old Mac is empty.

Surely there must be another way to get the "Local Items" items onto my new Mac?
 
  • Like
Reactions: niji

mj_

macrumors 6502a
Original poster
May 18, 2017
603
309
Austin, TX
Well, apparently there is only one solution to this: using the iCloud Keychain.
Had to activate it on the old 2016 MBP first, after which "Local Items" turned into "iCloud". Then do the same on the new 2015 MBP and wait for passwords to sync. Afterwards, disable it again and make sure to keel local passwords - done.

Only problem is that I have not yet found a way to delete my keychain from Apple's servers now...
 
  • Like
Reactions: niji

mj_

macrumors 6502a
Original poster
May 18, 2017
603
309
Austin, TX
No, it only asks me whether or not I want to keep the synchronized items in my local keychain. The iCloud Keychain remains unaffected by this, and the passwords remain stored on Apple's servers and all other devices with enabled iCloud keychain synchronization.
 

alexclst

macrumors member
Dec 24, 2007
52
19
Saint Paul, MN
I wouldn’t worry about the keychain remaining in iCloud if I were you. The way the feature is designed Apple cannot decrypt the data at all. Only devices you authorize are ever given the decryption key, shared directly between devices without going through Apple servers in any way they can read it. So if the keychain remains on Apple servers or not it isn’t readable by anyone except you.
 

mj_

macrumors 6502a
Original poster
May 18, 2017
603
309
Austin, TX
I'm not saying anyone can access my passwords right now. But who says that will still be true two years down the road? Or five years? Or ten? Just look at what we deemed to be 100% secure 10 or 15 years ago. Today, any $100 Android smartphone can brute force attack the WEP encryption algorithm and present you with the encryption key in less than 60 seconds.

You can go ahead and not worry about your passwords stored on somebody else's server but I would very much like to delete that file from Apple's servers sooner rather than later. It seems that they are unwilling to let go, though. The only way I can think of right now is to take a brand-new Mac, enter my iCloud credentials, enable iCloud keychain, wait for the passwords to sync with said brand-new Mac, delete them all from the iCloud keychain using the Keychain Access application, wait for the deletions to sync, and disable iCloud keychain synchronization again.

With some luck this will overwrite my current keychain with an empty one.
 

GordonGekko999

macrumors 6502
Mar 6, 2009
323
61
I'm not saying anyone can access my passwords right now. But who says that will still be true two years down the road? Or five years? Or ten? Just look at what we deemed to be 100% secure 10 or 15 years ago. Today, any $100 Android smartphone can brute force attack the WEP encryption algorithm and present you with the encryption key in less than 60 seconds.

You can go ahead and not worry about your passwords stored on somebody else's server but I would very much like to delete that file from Apple's servers sooner rather than later. It seems that they are unwilling to let go, though. The only way I can think of right now is to take a brand-new Mac, enter my iCloud credentials, enable iCloud keychain, wait for the passwords to sync with said brand-new Mac, delete them all from the iCloud keychain using the Keychain Access application, wait for the deletions to sync, and disable iCloud keychain synchronization again.

With some luck this will overwrite my current keychain with an empty one.
https://forums.macrumors.com/threads/data-migration-local-keychain-passwords-not-appearing.1905840/page-2#post-25681774

This is one of the most frustrating experiences with MacOS that generally runs smooth for me as it seems there is no solution if you don't want to use iCloud keychain.

If you can help with the above thread, I actually copied and pasted 279 local keychain passwords to a new keychain folder, I still have to copy and paste 37 secure notes in the same fashion but I am hoping if the same thing happens and I lose the local folder, the new folder will still be present.

Here is the current dilemma, I lost my local keychain folder when I migrated to a new Macbook Pro, but for now all I am doing is upgrading from Yosemite to High Sierra, does anyone know if upgrading is different from a migration vis a vis this Keychain issue?

Also if you decide that you never want to use iCloud, how do you stop Safari from using the Local Items folder as the default place to store future website passwords? From my research I don't think it is possible, so in the future, when I do need to migrate to a new machine, the problem will still be present.

And I would use iCloud temporarily but I feared what happened to you and now that you confirmed you can't delete the passwords from the iCloud servers or at least it is a big pain in the neck to accomplish, it makes me even more reticent about using iCloud.

I just wish Keychain worked in a more intuitive fashion and this problem could be fixed by Apple.

Maybe a third party app that is free and does not utilize the cloud is the only way to go, perhaps one that would be able to import all of the keychain passwords.
 

GordonGekko999

macrumors 6502
Mar 6, 2009
323
61
https://forums.macrumors.com/threads/data-migration-local-keychain-passwords-not-appearing.1905840/page-2#post-25681774

This is one of the most frustrating experiences with MacOS that generally runs smooth for me as it seems there is no solution if you don't want to use iCloud keychain.

If you can help with the above thread, I actually copied and pasted 279 local keychain passwords to a new keychain folder, I still have to copy and paste 37 secure notes in the same fashion but I am hoping if the same thing happens and I lose the local folder, the new folder will still be present.

Here is the current dilemma, I lost my local keychain folder when I migrated to a new Macbook Pro, but for now all I am doing is upgrading from Yosemite to High Sierra, does anyone know if upgrading is different from a migration vis a vis this Keychain issue?

Also if you decide that you never want to use iCloud, how do you stop Safari from using the Local Items folder as the default place to store future website passwords? From my research I don't think it is possible, so in the future, when I do need to migrate to a new machine, the problem will still be present.

And I would use iCloud temporarily but I feared what happened to you and now that you confirmed you can't delete the passwords from the iCloud servers or at least it is a big pain in the neck to accomplish, it makes me even more reticent about using iCloud.

I just wish Keychain worked in a more intuitive fashion and this problem could be fixed by Apple.

Maybe a third party app that is free and does not utilize the cloud is the only way to go, perhaps one that would be able to import all of the keychain passwords.
I'm resurrecting this thread to see if someone knows how to get new passwords to default to your folder of choice if you are not using Icloud and you don't want new passwords to go to Local Items folder.

Also if someone has a good Mac free third party keychain app that allows for local storage so I can end this Keychain madness.