KEYCHAIN_PATH ignored

[jaraco]

The macOS backend purports to support overriding the keychain file with the KEYCHAIN_PATH environment variable. In the past, I've tried to use it and wasn't able to make it work. Adding a new password always goes to the login keychain.

Looking into the code, I see that value is passed to the API calls, but the API calls ignore the name parameter that comes from that environment variable.

It looks like that parameter started being ignored in #522 (v23.1.0). Since this was an unintended regression, I'm flagging it as a bug.

[jaraco]

Apple documentation is not super clear The documentation seems to assume that a user has exactly one keychain and that's the one they use. There is a deprecated method for setting a default keychain that describes that it should be unnecessary except to set which keychain to which to store a password.

TN3137 has some background on the different implementations, including a note that

The file-based keychain is on the road to deprecation.

Ugh. That suggests to me that the only option may be to migrate to the data protection keychain and drop support for file-based keychains altogether.

I've long wanted to have access to the iCloud keychain and synchronization it affords, and at least for my use-case, that would obviate the need to have additional file-based keychains.