MDM and App identities management

We are working on an application that allows users to open and share encrypted containers.

These containers can be protected by a variety of access types: most users choose to use password accesses, as those are easy to set up and don't require any supplementary enrollment done by the user.

To enhance app functionality, especially in managed environments, we would like to find a way to distribute certificates that may be used to access the containers more efficiently.

Preliminary research led me to believe that something akin to what the Android Keystore does is not doable here: the general Keychain can't be accessed by applications, which can only access their own, specific "sub-keychain". https://developer.apple.com/library/archive/qa/qa1745/_index.html

I was wondering if there were any plans to change that, especially in the case of managed environments managed by an MDM.

If there is not, is there any way the identities supplied by an MDM can be supplied directly to a managed application's keychain? Are there any recommended usages for this use case?
