The multiple keychain password prompt has been a long-running unexplained behavior we haven't been able to get to the bottom of. A roll-up of bug reports:

• COMPASS-1767
• COMPASS-3091
• COMPASS-3147
• COMPASS-3215

My hunch after re-reading these tickets is this happens after an auto-update or a manual upgrade. What's most likely is that we simply need to call keytar methods from the main process via ipc rather than from the renderer as we do today. See this example on stackoverflow.

From this blog post:

One other important note: I recommend you only call node-keytar from the main process. If you set a password from the main process and then attempt to get it from a renderer process, it’ll prompt a permissions dialog for the user (this is macOS only, Windows doesn’t seem to mind either way). Additionally, I think it’s cleaner and clearer to the user if the access control list has your app name and it’s icon, instead of MyApp Helper and the generic app icon which is what you get when a renderer sets it.

More notes from previous tickets rolled up below.

—

SecKeychainFindGenericPassword, which is the method keytar uses to read a stored connection password. In the discussion:

This function automatically calls the function SecKeychainUnlock to display the Unlock Keychain dialog box if the keychain is currently locked.

A few ideas on what might need to happen:

• Maybe something in the keytar bindings is too specific?
  Maybe when we run app-migrations today, macOS needs to re-validate or something?
• Maybe a bulk-read call to fetch all passwords with FindPassword would guarantee this unlock dialog is shown once and only once in all cases (a single, implicit SecKeychainUnlock call), but there are some potential security implications to consider.