About Keychain Services

Keychain Services provides secure storage of passwords, keys, certificates, and notes for one or more users. A user can unlock a keychain with a single password, and any Keychain Services–aware application can then use that keychain to store and retrieve passwords. This guide contains an overview of Keychain Services, discusses the functions and data structures that are most commonly used by developers, and provides examples of how to use Keychain Services in your own applications.

At a Glance

This document concentrates on the use of Keychain Services to store and retrieve passwords. Read this document if your application needs to handle passwords for:

You do not need any special knowledge of authentication schemes to use this document, but ensure that you are familiar with best practices surrounding the use and storage of passwords.

Understanding Keychains and the Keychain Services API

A keychain is an encrypted container that securely stores small chunks of data on behalf of apps and secure services. You access keychains using the Keychain Services API.

Managing Keychain Items and Keychains

Using the Keychain Services API, you can search for keychain items and read their attributes. You can also add items to a keychain or modify existing items. On macOS, you additionally have the ability to create or delete entire keychains, manage trusted applications, and perform other keychain operations using the API.
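
The add, search and modify operations described above, shown as an added Swift example that is not part of the original guide. The service name, account name, error type and accessibility class are assumptions chosen for illustration.

```swift
import Foundation
import Security

// Hypothetical identifiers for this example; they do not come from the guide.
let service = "com.example.keychain-demo"
let account = "alice"

enum KeychainError: Error { case unexpected(OSStatus) }

/// Adds the password, or modifies the existing item for (service, account).
func storePassword(_ password: String) throws {
    // Attributes that identify the item; reused as the search query on update.
    let identity: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
    ]
    var addQuery = identity
    addQuery[kSecValueData as String] = Data(password.utf8)
    // Assumption: the secret is only needed while the device is unlocked
    // and should not be restored onto a different device.
    addQuery[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlockedThisDeviceOnly

    var status = SecItemAdd(addQuery as CFDictionary, nil)
    if status == errSecDuplicateItem {
        // The item already exists: change only its secret data.
        let changes: [String: Any] = [kSecValueData as String: Data(password.utf8)]
        status = SecItemUpdate(identity as CFDictionary, changes as CFDictionary)
    }
    guard status == errSecSuccess else { throw KeychainError.unexpected(status) }
}

/// Searches for the item and returns its password, or nil when nothing matches.
func readPassword() throws -> String? {
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
        kSecMatchLimit as String: kSecMatchLimitOne,
        kSecReturnData as String: true,
    ]
    var result: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &result)
    if status == errSecItemNotFound { return nil }   // absence is not an error
    guard status == errSecSuccess, let data = result as? Data else {
        throw KeychainError.unexpected(status)
    }
    return String(data: data, encoding: .utf8)
}
```

Checking every returned OSStatus, and treating errSecItemNotFound separately from other failures, keeps a locked or unavailable keychain from being mistaken for a missing password.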

See Also

Keychain Services Reference documents all the functions and structures provided in the Keychain Services API. These include the functions and structures used in this document, plus others used primarily by keychain administrative applications such as the Keychain Access app.

For more information about storing and retrieving certificates and keys, see Certificate, Key, and Trust Services.

For a broader discussion of security in software development, read Security Overview and Secure Coding Guide.