Signed-off-by: Matt Bruce <mbrucedogs@gmail.com>

2026-01-14 13:21:26 -06:00 · 2026-01-14 13:21:26 -06:00 · 8833fd82eb
commit 8833fd82eb
parent 743df280bc
1 changed files with 16 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -46,6 +46,7 @@ These helpers are internal implementation details used by `StorageRouter`. They
 - **FileDirectory** - documents, caches, custom URL
 - **StorageError** - Comprehensive error types
 - **StorageKeyDescriptor** - Audit snapshot of a key’s storage metadata
+- **EncryptionConfiguration** - Global encryption settings (Keychain identifiers, key length)
 - **AnyStorageKey** - Type-erased storage key for catalogs
 - **AnyCodable** - Type-erased Codable for mixed-type payloads

@ -136,6 +137,21 @@ For app-level configuration (App Group identifiers, keychain service identifiers
 - Default security policy: `SecurityPolicy.recommended` (ChaCha20-Poly1305 + HKDF)
 - External key material providers can be registered via `StorageRouter`

+#### Global Encryption Configuration
+
+You can customize the identifiers used for the master key in the Keychain:
+
+```swift
+let config = EncryptionConfiguration(
+    masterKeyService: "com.myapp.LocalData",
+    masterKeyAccount: "MasterKey"
+)
+await StorageRouter.shared.updateEncryptionConfiguration(config)
+```
+
+> [!WARNING]
+> Changing the `masterKeyService` or `masterKeyAccount` in an existing app will cause the app to look for the master key in a new location. Previously encrypted data will be lost.
+
 ```swift
 struct RemoteKeyProvider: KeyMaterialProviding {
    func keyMaterial(for keyName: String) async throws -> Data {