Enumeration

SecAccessControlCreateFlags

Access control constants that dictate how a keychain item may be used.

Declaration

typedef enum SecAccessControlCreateFlags : CFOptionFlags {
    ...
} SecAccessControlCreateFlags;

Overview

Use these flags with the SecAccessControlCreateWithFlags function, or as the value associated with the kSecAttrAccessControl key in a keychain item's attribute dictionary, to control keychain item accessibility.

Topics

Constraints

kSecAccessControlDevicePasscode

Constraint to access an item with a passcode.

kSecAccessControlBiometryAny

Constraint to access an item with Touch ID for any enrolled fingers, or Face ID.

kSecAccessControlBiometryCurrentSet

Constraint to access an item with Touch ID for currently enrolled fingers, or from Face ID with the currently enrolled user.

kSecAccessControlUserPresence

Constraint to access an item with either biometry or passcode.

kSecAccessControlWatch

Constraint to access an item with a watch.

Conjunctions

kSecAccessControlAnd

Indicates that all constraints must be satisfied.

kSecAccessControlOr

Indicates that at least one constraint must be satisfied.

Additional Options

kSecAccessControlApplicationPassword

Option to use an application-provided password for data encryption key generation.

kSecAccessControlPrivateKeyUsage

Enable a private key to be used in signing a block of data or verifying a signed block.

Legacy Constraints

kSecAccessControlTouchIDAny

Constraint to access an item with Touch ID for any enrolled fingers.

Deprecated
kSecAccessControlTouchIDCurrentSet

Constraint to access an item with Touch ID for currently enrolled fingers.

Deprecated

See Also

Keychain Item Access

Sharing Access to Keychain Items Among a Collection of Apps

Enable apps to share keychain items with each other by adding the apps to an access group.

Keychain Access Groups Entitlement

The identifiers for the keychain groups that the app may share items with.

Key: keychain-access-groups
Restricting Keychain Item Accessibility

Set the conditions under which an app can access a keychain item such as a password.

SecAccessControlCreateWithFlags

Creates a new access control object with the specified protection type and flags.

SecAccessControlRef

An opaque type that contains information about how a keychain item may be used.

SecAccessControlGetTypeID

Returns the unique identifier of the opaque type to which a keychain item access control object belongs.