These patches are not yet setting expiry times on cache keyrings, so caches in the persistent user keyring will stick around forever. We are still exploring the best way to make the cache expiry time reflect the latest credential expiry time.