Encrypted sparsebundle password appears to be cached

I use this command to mount an encrypted volume:

hdiutil mount ~/Documents/secret.sparsebundle/

On first use I'm prompted for a password. I then close it either by clicking 'eject' in Finder or the matching hdiutil unmount command.

If I try and re-open it using the original command, I'm sometimes granted access without the password challenge. This appears to occur across terminal sessions and (overnight) screen locks.

Is this expected behaviour or a bug? How do I ensure that the passwords are not cached?


Solution 1:

From the hdiutil man page:

unmount volume [-force]
            unmount a mounted volume without detaching any associated
            image.  Volume is a /dev entry or mountpoint.  NOTE: unmount
            does NOT detach any disk image associated with the volume.
            Images are attached and detached; volumes are mounted and
            unmounted.  hdiutil mountvol (or diskutil mount) will remount
            a volume that has been unmounted by hdiutil unmount.

The image encryption key isn't discarded until the image is detached, so after hdiutil unmount you'll be able to remount it without supplying the password. Solution: use hdiutil detach (or the eject button in Finder) instead.
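
A check for the state the answer describes, as an added example that is not part of the original answer: it reads hdiutil info output and lists encrypted images that are still attached with no mounted volume, so each can be passed to hdiutil detach. The hdiutil info field layout it parses is an assumption, the function names are hypothetical, and the sample data is constructed.

```shell
#!/bin/sh
# Added example. Assumed `hdiutil info` layout: per image, "image-path : ..."
# and "image-encrypted : true|false" lines, then tab-separated
# "/dev/diskN<TAB>type<TAB>mountpoint" lines; images are separated by "====".

stale_encrypted_images() {
    awk '
        function emit() {
            if (path != "" && enc && !mounted && dev != "")
                print dev "\t" path      # device to detach, image it backs
        }
        /^=+$/ { emit(); path = ""; enc = 0; mounted = 0; dev = ""; next }
        /^image-path *:/ { sub(/^image-path *: */, ""); path = $0; next }
        /^image-encrypted *:/ { enc = (tolower($NF) == "true"); next }
        /^\/dev\// {
            n = split($0, f, "\t")
            if (dev == "") dev = f[1]               # whole-disk entry comes first
            if (n >= 3 && f[3] != "") mounted = 1   # a volume is still mounted
        }
        END { emit() }
    '
}

# Constructed sample: disk2 was unmounted but not detached, disk3 is still
# mounted, disk4 is attached but unencrypted.
sample_info() {
    printf 'framework       : 000\n'
    printf '================================================\n'
    printf 'image-path      : /Users/me/Documents/secret.sparsebundle\n'
    printf 'image-encrypted : true\n'
    printf '/dev/disk2\tGUID_partition_scheme\t\n'
    printf '/dev/disk2s2\tApple_HFS\t\n'
    printf '================================================\n'
    printf 'image-path      : /Users/me/My Files/work.sparsebundle\n'
    printf 'image-encrypted : true\n'
    printf '/dev/disk3\tGUID_partition_scheme\t\n'
    printf '/dev/disk3s2\tApple_HFS\t/Volumes/work\n'
    printf '================================================\n'
    printf 'image-path      : /Users/me/Downloads/installer.dmg\n'
    printf 'image-encrypted : false\n'
    printf '/dev/disk4\tApple_HFS\t\n'
}

# On a Mac, inspect the live state; elsewhere, run against the sample.
if command -v hdiutil >/dev/null 2>&1; then
    hdiutil info | stale_encrypted_images
else
    sample_info | stale_encrypted_images
fi
```

Each line printed is a /dev entry followed by the image path; running hdiutil detach on that /dev entry discards the key.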