Returns one or more keychain items that match a search query, or copies attributes of specific keychain items.
- iOS 2.0+
- macOS 10.6+
- tvOS 9.0+
- watchOS 2.0+
A dictionary that describes the search. A typical
querydictionary consists of:
The class key and a corresponding value constant specifying the class of items for which to search. See Item Class Keys and Values.
One or more attribute key-value pairs specifying the attribute data to be matched. See Item Attribute Keys and Values.
One or more search key-value pairs which specify values that further refine the search. See Search Attribute Keys and Values.
A return-type key-value pair specifying the type of results you desire. See Item Return Result Keys.
On return, a reference to the found items. The exact type of the result is based on the values supplied in attributes, as discussed in Item Return Result Keys.
A result code. See Codes. Call
Sec (macOS only) to get a human-readable string explaining the result.
By default, this function returns only the first match found. To obtain more than one matching item at a time, specify the search key
k with a value greater than
result will be an object of type
CFArray containing up to that number of matching items.
By default, this function searches for items in the keychain. To instead provide your own set of items to be filtered by this search query, specify the search key
k and provide as its value a
CFArray object containing items of type
Sec. The objects in the provided array must all be of the same type.
To convert from persistent item references to normal item references, specify the search key
k with a value that consists of an object of type
CFArray referencing an array containing one or more elements of type
CFData (the persistent references), and a return-type key of
k whose value is
k. The objects in the provided array must all be of the same type.
When you use Xcode to create an application, Xcode adds an
application-identifier entitlement to the application bundle. Keychain Services uses this entitlement to grant the application access to its own keychain items. You can also add a
keychain-access-groups entitlement to the application specifying an array of keychain access groups to which the application belongs. When you call the
Sec function to add an item to the keychain, you can specify the access group to which that item should belong. By default, the
Sec function searches all the access groups to which the application belongs. However, you can add the
k key to the search dictionary to specify which access group to search for keychain items.