About Keychain Services
Keychain Services provides secure storage of passwords, keys, certificates, and notes for one or more users. A user can unlock a keychain with a single password, and any Keychain Services–aware application can then use that keychain to store and retrieve passwords. This guide contains an overview of Keychain Services, discusses the functions and data structures that are most commonly used by developers, and provides examples of how to use Keychain Services in your own applications.
At a Glance
This document concentrates on the use of Keychain Services to store and retrieve passwords. Read this document if your application needs to handle passwords for:
Multiple users—for example, an email or scheduling server that has to authenticate many users
Multiple servers—for example, a banking or insurance application, which might have to exchange information with more than one secure database server
A user who needs to enter passwords—for example, a web browser, which can use a keychain to store the passwords a user needs for multiple secure web sites
You do not need any special knowledge of authentication schemes to use this document, but ensure that you are familiar with best practices surrounding the use and storage of passwords.
Understanding Keychains and the Keychain Services API
A keychain is an encrypted container that securely stores small chunks of data on behalf of apps and secure services. You access keychains using the Keychain Services API.
Managing Keychain Items and Keychains
Using the Keychain Services API, you can search for keychain items and read their attributes. You can also add items to a keychain or modify existing items. On macOS, you additionally have the ability to create or delete entire keychains, manage trusted applications, and perform other keychain operations using the API.
Keychain Services Reference documents all the functions and structures provided in the Keychain Services API. These include the functions and structures used in this document, plus others used primarily by keychain administrative applications such as the Keychain Access app.
For more information about storing and retrieving certificates and keys, see Certificate, Key, and Trust Services.