
Storing APFS password in Apple’s Keychain for Time Machine

Çağlar Arlı


If you are using an encrypted APFS container, for example to encrypt the Time Machine backup, whenever the physical disk is plugged in, macOS asks for the decryption password with an option to store it ("remember the password") in the keychain. Suppose a user is already using a third-party password manager and, for the sake of convenience, is considering choosing "remember the password" to avoid having to manually copy and paste it each time the computer is turned on. For simplicity's sake, the user owns only two Apple devices: an Apple computer and an iPhone.

Are there any major red flags or security concerns with storing such a password in the keychain? From my brief research, it seems keychain security is good enough (source 1 and source 2). At the same time, it appears that the keychain is unlocked whenever the login credentials (whether of the computer or the iPhone) are used, thus removing the element of layered security. By layered security, I mean the master password for the password manager, which is different from the login credentials on the Apple computer or iPhone.

A password manager may clear the memory after a specified timeout once the password has been copied, or even lock the app itself, requiring the master password to unlock it again (based on app inactivity as opposed to generic inactivity on the device). In this way, it seems that an attack to obtain the APFS password would need to be performed within a certain time window, as opposed to the keychain, which is always accessible once the user logs onto the device.

Some password managers even allow you to drag and drop the username/password onto input fields, thus bypassing the clipboard completely (not entirely sure if this is accurate). Finally, it seems that the attack surface is increased if the password is remembered in the keychain, because the keychain on the iPhone allows retrieving the same passwords as on the Mac?

To further narrow down my question, we are referring to a generic person, not someone who would fall under the category of a "high-risk target". Furthermore, if possible, please include both attack vectors, remote and physical. For example, a burglary where both the disk with the encrypted APFS container and the Apple computer are stolen by the same individuals. After all, it seems possible to open a keychain file on another computer.