search

kishikawakatsumi / KeychainAccess

Simple Swift wrapper for Keychain that works on iOS, watchOS, tvOS and macOS.
MIT License
7.95k stars 789 forks source link

How to ensure the keys are NOT shared on iCloud? #476

Closed houmie closed 4 years ago

houmie commented 4 years ago

For the lack of a better idea, I'm using the keychain to store device specific information (username/password). It would become very messy if the information is shared across iCloud to other devices that the user may hold. Hence I would like to prevent that and keep the keychain entries per device.

It is very difficult to test this with sandbox user, I hope you don't mind me asking here:

let keychain = Keychain(service: "com.example.github-token").synchronizable(false)
keychain["username"] = "U123"

If .synchronizable is set to false, I can be rest assured that the key/value won't be synced to the user's iCloud and is kept local?

Many Thanks, Houman

kishikawakatsumi commented 4 years ago

Yes, it does. .synchronizable == false means it doesn't sync to iCloud backup.

https://developer.apple.com/documentation/security/ksecattrsynchronizable

Also, set the .accesible parameter to some kind of ...ThisDeviceOnly. It will prevent the keychain items from being restored from iTunes local backup to another device.

houmie commented 4 years ago

Thank you. That was very helpful.