Use Dropbox to Sync Mac Keychains

Replace iCloud's Missing Keychain Sync Service

Adding Additional Keychains to your Mac
Use the Add Keychain command to link to your keychain file. Screen shot courtesy of Coyote Moon, Inc.

When Apple first released iCloud for the Mac, it lacked the ability to sync the Mac’s keychain file. Syncing keychain files lets you use the same passwords and logins across all of the Macs you're using.

The ability to sync passwords and logins across multiple Macs was an amazing benefit, and it seemed odd that Apple originally didn't include keychain syncing with iCloud.

In later updates to iCloud, the ability to store keychain data in an encrypted format in iCloud was added, making this workaround using Dropbox unnecessary.

If you wish to set up keychain syncing with iCloud, follow the steps outlined in:

If you would rather use Dropbox to sync your Mac’s keychain, follow the steps below.

Use Dropbox to Sync Mac Keychains 

iCloud, Apple's free replacement for the older MobileMe service, has a lot going for it, not the least of which is that it's free. But even being free doesn't make up for the loss of some key MobileMe features, including the ability to sync your Mac's keychain to other Macs.

The Mac's keychain file stores passwords and other sensitive data you routinely use. This can include items such as mail passwords, network passwords, security certificates, application passwords, and public and private keys. The ability to sync multiple Macs with a common keychain file is a great way to save time and trouble.

You can, of course, manually update each Mac you use by copying the keychain file. But this can quickly get cumbersome (and confusing), as you create new passwords or other important data on multiple Macs. Trying to determine which keychain file is the most current is an exercise in frustration.

MobileMe solved that problem by offering to automatically sync the keychain for you. The process is very simple, which makes it difficult to understand why Apple dropped this feature from iCloud.

We're going to show you how to create your own keychain syncing service using Dropbox.

You can probably use other cloud-based services to sync your keychain, but we only tested Dropbox. If you decide to try a different cloud service, these instructions should work as a general guide. Your keychain file contains sensitive data, so no matter which service you use, check it out first. Make sure it uses a high level of encryption for data sent to and from the cloud server. And remember that with any cloud service, you're placing information in a location that's beyond your direct control.

What You Need

  • Dropbox, which will serve as the central repository for your keychain file.
  • Two or more Macs that you routinely use.
  • A Mac running OS X 10.5 or later. You may be able to use Tiger (OS X 10.4), but we're unable to verify this. If you do try this with Tiger, drop us a line and let us know if it worked for you.

Before You Begin

We're going to be moving and deleting the local copy of your keychain file. Before we proceed, we highly recommend creating a current backup of your data. We will also back up the keychain file itself, as an added measure of safety.

Let's Get Started

You will need to install Dropbox on all of the Macs that you want to include in the keychain sync. You can find instructions for installing Dropbox in the following guide: Setting Up Dropbox for the Mac.

For the purpose of copying the keychain file, you need to decide which Mac is your primary Mac. It should be the one that has the most up-to-date keychain file or the one you use most often.

  1. Using the Finder, open the Keychains folder, located at ~/Library/. The tilde (~) indicates your Home folder; you should see the Library folder inside your Home folder.
  2. In OS X Lion and later, the ~/Library folder is hidden from view. You can find instructions for making the ~/Library folder visible in the following guide: OS X Lion Is Hiding Your Library Folder, or you can simply hold down the option key and select "Go" from the Finder menu. With the option key held down, "Library" will appear in the Go menu. Select "Library" from the Go menu, and a Finder window will open. You'll see the Keychains folder listed in that window.
  3. In the Keychains folder, right-click the login.keychain file and select "Duplicate" from the pop-up menu.
  4. A duplicate file, called login copy.keychain, will be created.
  5. The login copy.keychain file you just created will serve as a temporary backup of your login.keychain file.
  6. Drag the login.keychain file to your Dropbox folder. This will actually move the login.keychain file to your Dropbox folder, placing it in the cloud, where your other Macs can use it.

You'll notice that the login.keychain file is no longer present on your Mac locally. We need to tell the Keychain Access application where the keychain file is; otherwise, it will create a new, blank file to use.

  7. Launch Keychain Access, located in /Applications/Utilities.
  8. From the Keychain Access menu, select File, Add Keychain.
  9. In the sheet that opens, navigate to your Dropbox folder and select the login.keychain file. Click the Add button.

Your primary Mac is now linked to the Dropbox copy of the login.keychain file. Now we need to link any additional Macs you want to sync to the same file.

Add Your Other Macs

You need to follow the above steps for each Mac you want to sync with the common keychain file, with one exception. After you create the backup of the existing keychain file, you need to delete the login.keychain file on each Mac you are syncing.

So the steps to follow are:

Steps 1 through 5.

Drag the login.keychain file to the trash.

Steps 7 to 9.

That's it. Your Macs are now linked to the Dropbox copy of the login.keychain file, ensuring that they will all sync to the same keychain file.
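The backup-then-move part of the procedure (steps 3 through 6 on the primary Mac, and the backup-then-delete variant for the other Macs) can also be done from Terminal with checks the Finder does not perform. This is an added example, not part of the original article; the function name, the mode names and the default ~/Dropbox location are assumptions. Steps 7 to 9 are still done in Keychain Access.

```shell
#!/bin/sh
# Added example, not from the article. Try it on a scratch directory first.
# Usage (paths are assumptions; ~/Dropbox is Dropbox's default folder):
#   relocate_keychain primary   "$HOME/Library/Keychains" "$HOME/Dropbox"
#   relocate_keychain secondary "$HOME/Library/Keychains" "$HOME/Dropbox"
relocate_keychain() {
    mode=$1; kc_dir=$2; db_dir=$3
    src="$kc_dir/login.keychain"
    bak="$kc_dir/login copy.keychain"   # same name Finder's Duplicate produces
    dst="$db_dir/login.keychain"

    [ -f "$src" ]    || { echo "missing: $src" >&2; return 1; }
    [ -d "$db_dir" ] || { echo "missing: $db_dir" >&2; return 1; }
    [ ! -e "$bak" ]  || { echo "backup already exists: $bak" >&2; return 1; }

    # Check every precondition before anything is copied, moved or deleted.
    case $mode in
    primary)    # never overwrite a keychain another Mac has already shared
        [ ! -e "$dst" ] || { echo "already shared: $dst" >&2; return 1; } ;;
    secondary)  # the shared file must have synced down before the local one goes
        [ -s "$dst" ] || { echo "not synced yet: $dst" >&2; return 1; } ;;
    *)
        echo "mode must be primary or secondary" >&2; return 1 ;;
    esac

    # Steps 3-5: duplicate, then confirm the backup is byte-identical.
    cp -p "$src" "$bak" || return 1
    cmp -s "$src" "$bak" || { echo "backup differs from original" >&2; return 1; }
    chmod 600 "$bak"

    if [ "$mode" = primary ]; then
        # Step 6: move into Dropbox, then check the moved file against the backup.
        mv "$src" "$dst" || return 1
        cmp -s "$bak" "$dst" || { echo "moved copy differs" >&2; return 1; }
        chmod 600 "$dst"   # owner-only access to the shared file
    else
        # Other Macs: the article uses the Trash; here the file is deleted outright.
        rm "$src"
    fi
}
```

Running the secondary mode before the shared file has synced down fails without touching the local keychain, which is the mistake most likely to lose data when following the steps by hand.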

About Those Temporary Backups…

We created temporary backups of the keychain files just in case something went wrong during the process. If you run into an issue, you can simply rename the backup copies to login.keychain and then, if needed, launch Keychain Access and add the login.keychain file.

If everything went well, you can delete the temporary backups you created, or you can just leave them in place. They won't affect your Mac, and they'll allow you to return your Mac to the state it was in before you set up keychain syncing, should you wish to.

Published: 5/6/2012

Updated: 1/4/2016