Reply to How can I test CloudKit User Keychain Reset?
Given your questions and suggestions, I tried the following steps now:

1. Launch Settings and go to Settings -> Apple Account -> iCloud -> See All -> iCloud Passwords & Keychain
2. Click the “Sync this Mac” toggle to disable it
   Actual result: Nothing happens, the toggle remains active
3. Log out the Mac user and log back in
   The toggle has actually been updated to look disabled
   The iCloud Keychain is now gone from the Keychain Access app.
   ❎ The CloudKit app data is still available (All documents were redownloaded from the "Documents" zone. This means the zone still existed with all data accessible.)
4. Fully delete the login keychain at ~/Library/Keychains/login.keychain-db
5. Restart the Mac
   ❎ The CloudKit app data is still available
6. Reactivate Settings / iCloud Passwords & Keychain / “Sync this Mac”
   The iCloud Keychain is back to the Keychain Access app
7. Keychain App -> Settings -> Reset Default Keychains…
8. Restart the Mac
   A system alert shows “This Mac can’t connect to iCloud because of a problem with “”, Open Apple Account settings to fix this problem.
   App shows iCloud as temporarily unavailable and can’t sync
9. Settings app asks for Apple Account password, I enter it
   App syncs again
   ❎ The CloudKit app data is still available

It seems that none of these steps reset the key(s) used for encrypting data in CloudKit. Do you have any other ideas or could you perhaps reach out to find an answer to the question of how the user keychain reset can be triggered?
Jan ’25
Reply to How can I test CloudKit User Keychain Reset?
The app I'm working on

- creates a single zone (e.g. CKRecordZone(zoneName: "Documents")) in the private database
- syncs documents as CKRecord to that zone, which have some fields set via encryptedValues[…]

When launching the app after clearing local caches, the app fetches all zones and fetches all records from the "Documents" zone if it exists already.

In my understanding, the data in CloudKit is encrypted with a key that should be resettable in some way and then would become unreachable afterwards.

My setup

I tried this with a debug build (iCloud development env) and a TestFlight release (iCloud production env) on a separate user on my Mac, which was logged in to its own iCloud account.

What did I try?

I closed my app, cleared its caches and then ran "Reset Default Keychains…" in the Settings of the Keychain Access app to attempt resetting encrypted data. I relaunched my app.

Expected result

I expected the "Documents" zone to be gone, and no documents to reappear, technically expecting zoneNotFound + CKErrorUserDidResetEncryptedDataKey.

Actual result

All documents were redownloaded from the "Documents" zone. This means the zone still existed with all data accessible. Also, the data was still there when I checked in the CloudKit Console (development and production environment).

I had a look at Delete a keychain in Keychain Access on Mac but I think it doesn't apply because "Delete Keychain iCloud…" is greyed out.
Jan ’25
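For reference, the check the post above expects to fire, written out as an added example (not code from the poster's app or from Apple). It assumes the "Documents" zone from the post and a local copy of the documents; `reuploadLocalDocuments` is a hypothetical app hook.

```swift
import CloudKit

// Zone name taken from the post; the owner is the current user's private database.
let documentsZoneID = CKRecordZone.ID(zoneName: "Documents",
                                      ownerName: CKCurrentUserDefaultName)

/// True when `error`, or the per-zone error nested inside a partial failure,
/// is zoneNotFound carrying the CKErrorUserDidResetEncryptedDataKey flag.
func indicatesEncryptedDataReset(_ error: Error, for zoneID: CKRecordZone.ID) -> Bool {
    guard let ckError = error as? CKError else { return false }
    switch ckError.code {
    case .zoneNotFound:
        // A plain zoneNotFound (zone never created) does not carry this flag.
        let flag = ckError.userInfo[CKErrorUserDidResetEncryptedDataKey] as? NSNumber
        return flag?.boolValue ?? false
    case .partialFailure:
        // Batch operations report per-item errors keyed by the item's ID.
        guard let nested = ckError.partialErrorsByItemID?[zoneID as AnyHashable] else {
            return false
        }
        return indicatesEncryptedDataReset(nested, for: zoneID)
    default:
        return false
    }
}

/// Records encrypted under the old key cannot be decrypted any more, so the
/// zone is dropped, recreated, and refilled from the local copy.
func recoverAfterReset(in database: CKDatabase,
                       reuploadLocalDocuments: () async throws -> Void) async throws {
    _ = try await database.deleteRecordZone(withID: documentsZoneID)
    _ = try await database.save(CKRecordZone(zoneID: documentsZoneID))
    try await reuploadLocalDocuments() // hypothetical app hook
}

/// Launch-time sync: look up the zone and branch on the reset flag.
func syncDocuments(in database: CKDatabase,
                   reuploadLocalDocuments: () async throws -> Void) async throws {
    do {
        _ = try await database.recordZone(for: documentsZoneID)
        // Zone exists and is readable: continue with the normal record fetch.
    } catch let error where indicatesEncryptedDataReset(error, for: documentsZoneID) {
        try await recoverAfterReset(in: database,
                                    reuploadLocalDocuments: reuploadLocalDocuments)
    }
}
```

A successful test of the reset would take the `catch` branch; the behaviour described in the post (all documents redownloaded) corresponds to the `do` branch completing normally.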