What is "secd" process?

If it's not apparent, this is just a guess. But hopefully it gives you some leads.

First, here's what you can figure out just from the program name. If you run the command /bin/ls /usr/libexec | sort -f | egrep '.*d$' (this print all files in /usr/libexec ending in d), you'll find ftpd, hidd, networkd, systemstatsd, and a lot of programs ending in d. The "d" stands for "daemon", which basically means a helper process that always runs in the background. The sec very likely stands for "security". So secd is the "security daemon". Which makes sense because you said it looks like it works with keychain stuff.

What's the point of daemons? Some daemons stay running to either do some ongoing task. hidd ("human interface device daemon"), for example, is the process responsible for handling mouse/keyboard/trackpad input. Some other daemons do some common tasks that many other programs need. Apps can simply tell the daemon to do something instead of having code to do it themselves. So secd probably does something like this, but related to the keychain.

But what exactly? It looks like it doesn't actually handle normal use of the keychain, since I was still able to use the keychain after I disabled the secd LaunchAgent.

Inspecting the LaunchAgent gives us a clue:

It looks like secd is responsible for syncing the keychain with iCloud?

So what should you do? Try one or more of these:

  1. If you don't need iCloud keychain syncing, turn it off in iCloud preferences.
  2. Use launchctl to disable secd if it doesn't seem to adversely affect anything.
  3. If you need iCloud keychain syncing, see if you have a ton of keychain items, and remove the ones you don't need.
  4. Perhaps rebuild your keychain (make a new keychain, move items you need into it, and move it over the older one), in case there are unnecessary artifacts left over in the old keychain.

The program /usr/libexec/secd is shipped as part of OS X and is a normal security process. The documentation says it relates to "runtime security policies for processes". You can inspect the associated processes with this command: ps -ef|grep sec[iud]

On my Mac, I'm user 501 so you have this output for one user logged in:

Mac:~ bmike$ ps -ef|grep sec[iud]
    0    58     1   0 Sat12PM ??         0:56.51 /usr/sbin/securityd -i
    0   117     1   0 Sat12PM ??         0:00.15 /usr/libexec/secinitd
    0   171     1   0 Sat12PM ??         0:02.24 /usr/libexec/securityd_service
  501   205     1   0 Sat12PM ??         0:11.74 /usr/libexec/secinitd
  501  2634     1   0 Tue08PM ??         0:08.26 /usr/libexec/secd

You can see that securityd is started as root (PID 58) and then as a user (PID 205) process when you log in. The actual secd carries out the "work" and can get respawned even when you do not log out and in. As to deciphering why yours is using extra resources, it will be quite hard without digging into fsusage and some other commands to peek at running processes as well as looking over your log files. Your best bet would be to file a bug with Apple and then document how you can get it to misbehave - especially if you can reproduce it after a reboot.

There isn't currently a "man page" for secd and the one for secinitd is meager at best. Filing documentation bugs against Apple is one way to ask that the lack of documentation be remedied.


From what I know about that process (which really isn't a ton) is that it has something to do with the Mac's Keychain. What you can do is find in in the Activity Monitor and click Cmd+I to get the info about it.

One tip you can try to do is run the Keychain First Aid by going to Keychain Access in Spotlight, opening the "Keychain Access" menu, and selecting the "Keychain First Aid" option from there and follow the directions.

Hope that tip works!