Adds one or more items to a keychain.


OSStatus SecItemAdd(CFDictionaryRef attributes, CFTypeRef  _Nullable *result);



A dictionary that describes the item to add. A typical attributes dictionary consists of:

  • The item's class. Different attributes and behaviors apply to different classes of items. You use the kSecClass key with a suitable value to tell keychain services whether the data you want to store represents a password, a certificate, a cryptographic key, or something else. See Item Class Keys and Values.

  • The data. Use the kSecValueData key to indicate the data you want to store. Keychain services takes care of encrypting this data if the item is secret, namely when it’s one of the password types or involves a private key.

  • Optional attributes. Include attribute keys that allow you to find the item later and that indicate how the data should be used or shared. You may add any number of attributes, although many are specific to a particular class of item. See Item Attribute Keys and Values for the complete list.

  • Optional return types. Include one or more return type keys to indicate what data, if any, you want returned upon successful completion. You often ignore the return data from a SecItemAdd call, in which case no return value key is needed. See Item Return Result Keys for more information.


On return, a reference to the newly added items. The exact type of the result is based on the values supplied in attributes, as discussed in Item Return Result Keys. Pass nil if you don’t need the result. Otherwise, your app becomes responsible for releasing the referenced object.

Return Value


To add multiple items to a keychain at once use the kSecUseItemList key in the attributes dictionary with an array of dictionaries (each corresponding to one of the items) as its value. This is only supported for non-password items.

When you use Xcode to create an application, Xcode adds an application-identifier entitlement to the application bundle. Keychain Services uses this entitlement to grant the application access to its own keychain items. If you want the new keychain item to be shared among multiple applications, include the kSecAttrAccessGroup key in the attributes dictionary. The value of this key must be the name of a keychain access group to which all of the programs that will share this item belong.

See Also

Adding Keychain Items

Adding a Password to the Keychain

Add network credentials to the keychain on behalf of the user.

Item Class Keys and Values

Specify the class of a keychain item.

Item Attribute Keys and Values

Specify the attributes of keychain items.