When an app saves an item to the keychain, macOS adds that app to the Access Control List so your app can access it later. If you try to access that item from a different app, macOS will show a system prompt asking the user if they want to allow access. This is documented here.

App Name wants to use your confidential information stored in "com.company.appname.key" in your keychain. To allow this, enter the "login" keychain password.

How does macOS know which apps have access? Is it by bundle id, signing certificates, location of the app on disk, something else?

In our app, we're seeing this prompt unexpectedly when we try to access an entry we know only our app created, so I'm trying to figure out why macOS thinks it's a different app. When I go view the item in Keychain Access it shows our app name listed in Access Control under "Always allow access by these applications", but the icon is a generic file, making me believe it thinks the new version of the app is not the same app. Note that I no longer have the old version installed.

1 Answer

You can look at the code signing documentation.

Specifically, the section "Shipping and Updating Your Product", which has this to say (emphasis mine):

When you have qualified a new version of your product, sign it just as you signed the previous version, with the same identifier and the same designated requirement. The user’s system considers the new version of your product to be the same program as the previous version. For example, Keychain Services does not distinguish older and newer versions of your program as long as both are signed and the unique Identifier remains constant.
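As an added example (not part of the answer above or of Apple's documentation), the following POSIX shell check makes the quoted rule concrete: it compares two builds by the identifier and designated requirement that `codesign -d -r -` prints, which is the identity Keychain Services keys its access control on. The three `.req` files it writes are constructed sample output, not captured from a real app; the last one shows an ad-hoc signature, whose default designated requirement pins the code directory hash and so changes with every build, which is one way a rebuilt app stops matching its own keychain ACL entry.

```shell
#!/bin/sh
# Added example, not from the original post. Compare the signing identity of two
# builds the way Keychain Services does: same identifier, same designated requirement.
# On a real system, produce the input files with (requirements go to stdout):
#   codesign -d -r - /path/to/Old.app > old.req
#   codesign -d -r - /path/to/New.app > new.req

designated_requirement() {
  # Print the "designated => ..." line of a codesign requirements dump, minus its prefix.
  sed -n 's/^designated => //p' "$1"
}

requirement_identifier() {
  # Extract the quoted identifier from the designated requirement.
  designated_requirement "$1" | sed -n 's/.*identifier "\([^"]*\)".*/\1/p'
}

same_program() {
  # Succeed (exit 0) only if both dumps carry a designated requirement and the
  # requirements are identical; that is the condition the documentation describes.
  old_dr=$(designated_requirement "$1")
  new_dr=$(designated_requirement "$2")
  [ -n "$old_dr" ] && [ -n "$new_dr" ] && [ "$old_dr" = "$new_dr" ]
}

# Constructed sample dumps (placeholder team ID and identifier, not real values).
WORK=$(mktemp -d)
printf '%s\n' 'designated => identifier "com.company.appname" and anchor apple generic and certificate leaf[subject.OU] = TEAMID0000' > "$WORK/v1.req"
printf '%s\n' 'designated => identifier "com.company.appname" and anchor apple generic and certificate leaf[subject.OU] = TEAMID0000' > "$WORK/v2.req"
# Ad-hoc signed build: the requirement is tied to this build's cdhash, so it never matches a prior build.
printf '%s\n' 'designated => identifier "com.company.appname" and cdhash H"0000000000000000000000000000000000000000"' > "$WORK/adhoc.req"

if same_program "$WORK/v1.req" "$WORK/v2.req"; then
  echo "v1 and v2: same program ($(requirement_identifier "$WORK/v1.req")), keychain ACL entry still applies"
fi
if ! same_program "$WORK/v1.req" "$WORK/adhoc.req"; then
  echo "v1 and ad-hoc build: different designated requirement, expect the keychain prompt"
fi
```

Run it against the two `.req` files from an old and a new build before shipping; a mismatch in the designated requirement (a changed identifier, a different team certificate, or an ad-hoc signature) is the usual reason the keychain ACL shows the app as a generic file and prompts again.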