macOS: Using Keychain’s “Secure Notes” Feature

If you need to store private information on your Mac—like, say, your spouse’s social security number or that horrible poem you wrote—what’s the best way to go about it? Well, for the poem, I’d say just delete it, empty your trash, and then bury your computer at sea so no one will ever, ever find it. For more mundane data like a social security number, though, I truly think the best method is using a password manager like 1Password (which’ll let you add notes, too). They didn’t pay me to say that, either! I just like the program a lot.

If you’re unwilling to go that route, however, there is a feature of a built-in program called Keychain Access that’ll let you store notes in a very secure way. If you’d like to take a look, open the app first—you can get to it within the Applications > Utilities folder by using Finder’s “Go” menu.

Finder Go Menu gets you to the Utilities folder and Keychain Access

Once the app is open, click on “Secure Notes” from the sidebar and then click on the keychain where you’d like to store yours.

Keychain Access Sidebar showing Secure Notes

I’d suggest using either the “login” or “iCloud” keychain for this—the only difference is that the “iCloud” one will sync these notes to any other Macs that are set up with your iCloud Keychain. The notes won’t sync to your iOS devices, though.

Anyway, once you’ve selected both options, click the plus button at the bottom-left corner of the window.

Keychain Access Plus Button lets you add new entries including Secure Notes

Then you can give your new note a name and type the stuff you want to keep private under the “Note” field.

Entering a Secure Note in Keychain Access

When you’re finished, click “Add,” and your note will appear in the list. If you want to look at it at any point afterward, just go back to Keychain Access, click “Secure Notes” in the sidebar, and choose the keychain you added it to.

Keychain Access showing the Secure Notes Window

Double-click on the note to view it, and when you do, you won’t see the secret info you typed yet—yay! It’s still all hidden and private and stuff.

Show Note Button in a Keychain Access Secure Note

You’ll need to click the “Show Note” box I’ve called out above, and then your Mac will make you type in your login password to prove that you have the right to view its contents.

Viewing Keychain Access Secure Note contents requires your password

I personally like this method better than, say, using iCloud’s password-protected notes because it’s sort of “security by obscurity”—no one will likely think to look in Keychain Access for your notes. Which is good if you’re the type who doesn’t want anyone to even know that you have secrets to keep! Plus, you only have to remember one password—your Mac’s login one—which makes losing access less likely, and it’s darned secure as long as no one knows that password. For those same reasons, I like using Keychain Access better than password-protected documents, too. But I CERTAINLY like it better than what I see a lot of people do, which is using Contacts’ “Notes” field to store very secret data.

Contacts Window showing a notes in a contact entry that should be stores in a Keychain Access Secure Note

Yeah, don’t do that, all right?

7 thoughts on “macOS: Using Keychain’s “Secure Notes” Feature

    1. That’s tricky, and there may not be any way to recover it. You can try to restore your keychains file from a Time Machine backup prior to deleting it, but there’s no real guarantee that will work. I see some success stories on Apple’s forums doing that, but also many failures.

  • This is indeed a great tip.
    Some drawbacks- “Secure Notes” aren’t retrievable on iOS (mobile/tablet), only on Laptop/Desktop macOS.
    Also, if you sync to iCloud, ANY of the devices it syncs to can access the notes, but each with their own local password. So if any of your devices have been compromised/lost+pw-hacked (which they, hopefully, are not), then your notes are viewable from that compromised device.

  • Of course, be sure that nobody knows your login password or your security is gone.
    But the login keychain is just the default. You can also create a new keychain and store whatever you want in it – it can contain website passwords and/or notes as in this tip. Just select “New Keychain… ” from the Keychain Access “File” menu. It will prompt you for a new password during creation.
    With a separate keychain, you can also set additional settings.. like “Lock after a X minutes”, or “Lock when Sleeping”. These are great options for situations that require a higher level of security than .. say .. your TMO password . 😉

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.