From 371f027a2431ec139963bd1d6276bd6347de5388 Mon Sep 17 00:00:00 2001
From: Henry Heino <46334387+personalizedrefrigerator@users.noreply.github.com>
Date: Fri, 22 Aug 2025 01:32:59 -0700
Subject: [PATCH] MacOS: Fix startup failure when unable to access the keychain
 (#13006)

---
 .../services/keychain/KeychainService.test.ts   | 17 ++++++++++++++++-
 .../keychain/KeychainServiceDriver.electron.ts  |  8 +++++++-
 2 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/packages/lib/services/keychain/KeychainService.test.ts b/packages/lib/services/keychain/KeychainService.test.ts
index 65499173db..7b8289a1df 100644
--- a/packages/lib/services/keychain/KeychainService.test.ts
+++ b/packages/lib/services/keychain/KeychainService.test.ts
@@ -1,6 +1,6 @@
 import Setting from '../../models/Setting';
 import shim from '../../shim';
-import { switchClient, setupDatabaseAndSynchronizer } from '../../testing/test-utils';
+import { switchClient, setupDatabaseAndSynchronizer, withWarningSilenced } from '../../testing/test-utils';
 import KeychainService from './KeychainService';
 import KeychainServiceDriverDummy from './KeychainServiceDriver.dummy';
 import KeychainServiceDriverElectron from './KeychainServiceDriver.electron';
@@ -134,6 +134,21 @@ describe('KeychainService', () => {
 		expect(Setting.value('keychain.supported')).toBe(0);
 	});
 
+	test('should handle the case where safeStorage.encryptString throws', async () => {
+		mockSafeStorage({
+			encryptString: () => {
+				throw new Error('Failed!');
+			},
+		});
+		Setting.setValue('keychain.supported', -1);
+
+		await KeychainService.instance().initialize(makeDrivers());
+		await withWarningSilenced(/Encrypting a setting failed/, async () => {
+			await KeychainService.instance().detectIfKeychainSupported();
+		});
+		expect(Setting.value('keychain.supported')).toBe(0);
+	});
+
 	test('should load settings from a read-only KeychainService if not present in the database', async () => {
 		mockSafeStorage({});
 
diff --git a/packages/lib/services/keychain/KeychainServiceDriver.electron.ts b/packages/lib/services/keychain/KeychainServiceDriver.electron.ts
index c6de9337db..995425ff13 100644
--- a/packages/lib/services/keychain/KeychainServiceDriver.electron.ts
+++ b/packages/lib/services/keychain/KeychainServiceDriver.electron.ts
@@ -31,7 +31,13 @@ export default class KeychainServiceDriver extends KeychainServiceDriverBase {
 		if (canUseSafeStorage()) {
 			logger.debug('Saving password with electron safe storage. ID: ', name);
 
-			const encrypted = await shim.electronBridge().safeStorage.encryptString(password);
+			let encrypted;
+			try {
+				encrypted = await shim.electronBridge().safeStorage.encryptString(password);
+			} catch (error) {
+				logger.warn('Encrypting a setting failed. Missing keychain permission?', error);
+				return false;
+			}
 			await KvStore.instance().setValue(`${kvStorePrefix}${name}`, encrypted);
 		} else {
 			// Unsupported.