[quote='832308022, DTS Engineer, /thread/778797?answerId=832308022#832308022'] user is involved then can use Keychain Access (or the security tool) [/quote] For ACL, i have manually checked "Allow all applications to access this item", even that doesn't seem to help with the prompts to user for their password. The requirement is pretty much what i have already stated, need to be able to sign some data with private key of an identity installed in login keychain without prompting user for their login password. That identity will come pre-installed, it's ACL could be updated through some MDM to include my application. Updating ACL to include my application seems to be enough for system keychain level identity. No prompts after that. However when doing the same thing for login keychain, the prompts still persist. There has to be a way to do this without bothering user