Secure Password Storage with Keychain Functions in MBS FileMaker Plugin 16.3

The upcoming version 16.3 of the MBS FileMaker Plugin introduces a powerful set of Keychain functions for storing and managing passwords on macOS and iOS. These functions allow FileMaker solutions to securely store credentials in the system Keychain without relying on external storage or insecure plaintext fields.

On macOS and iOS, Keychain entries are automatically managed by the operating system, ensuring secure storage and controlled access for your apps.

Overview of New Keychain Functions

The plugin introduces five main functions for working with generic passwords:

• Keychain.AddGenericPassword

• Keychain.DeleteGenericPassword

• Keychain.FindGenericPassword

• Keychain.ListGenericPasswords

• Keychain.UpdateGenericPassword

1. Adding a Password

Use Keychain.AddGenericPassword function to store a new credential in the system Keychain.

MBS( "Keychain.AddGenericPassword"; "test"; "john"; "secret"; "just a test" )

Parameters:

• Service: Logical grouping (e.g. "test" or your solution name)

• Account: Username or identifier

• Password: Secret value

• Description (optional): Human-readable label, shown in Keychain utility application.

Once stored, the Keychain entry is saved in the default system Keychain and can be accessed by the same app or authorized contexts.

2. Finding a Password

Retrieve a stored password using:

MBS( "Keychain.FindGenericPassword"; "test"; "john" )

If successful, the function returns the password as text. If something goes wrong, the function returns an error. Common error codes include:

• -25300: Item not found

• -128: User canceled authentication

You can optionally control UI prompts using the UIAllowed parameter.

3. Updating an Existing Password

To change an existing Keychain entry:

MBS( "Keychain.UpdateGenericPassword"; "test"; "john"; "new secret" )

This replaces the stored password while keeping the same service and account identifiers.

4. Listing Stored Passwords

You can query all stored entries or filter by service:

MBS( "Keychain.ListGenericPasswords"; "test" )

The result is returned as JSON metadata including accounts and services, useful for administration or debugging tools.

5. Deleting a Password

To remove a credential from the Keychain:

MBS( "Keychain.DeleteGenericPassword"; "test"; "john" )

This permanently deletes the stored entry from the system Keychain.

Why Use Keychain Integration?

Using the system Keychain on macOS and iOS provides several benefits:

• Encrypted storage managed by the operating system

• No need for custom encryption logic

• Secure access control per application

• Seamless integration with Apple security services

For developers building solutions with FileMaker, this is a major step forward in simplifying secure credential management. You may use these functions on macOS and in your iOS application built with Xcode and the FileMaker iOS SDK.

Summary

The new Keychain functions in version 16.3 make it easy to securely store, retrieve, update, list, and delete passwords directly from FileMaker scripts. This brings native macOS and iOS security capabilities into your database solutions with minimal effort.

As a result, developers can build more secure applications without relying on external password storage mechanisms.