LocalData/Sources/LocalData/Documentation.docc/Security.md
Matt Bruce 84c277f2ec docc docs
Signed-off-by: Matt Bruce <mbrucedogs@gmail.com>
2026-01-17 10:48:31 -06:00

Security

Security is declared per key using SecurityPolicy.

Use the default security policy unless you have a specific reason not to:

```swift
// No `security:` argument is passed, so the default policy applies.
let key = StorageKey(
    name: "secure_value",
    domain: .fileSystem(directory: .documents),
    owner: "Security",
    description: "Sensitive value stored with recommended policy."
)
```

Keychain security

Store data directly in Keychain with accessibility and access control:

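```swift
let key = StorageKey(
    name: "token",
    domain: .keychain(service: "com.myapp"),
    security: .keychain(
        // When the item may be read relative to the device lock state.
        accessibility: .afterFirstUnlock,
        // Additional user-presence requirement enforced on access.
        accessControl: .biometryAny
    ),
    owner: "Auth",
    description: "Auth token."
)
```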

Encrypted file storage

Use encryption for file-based storage:

```swift
let key = StorageKey(
    name: "secret_file",
    domain: .encryptedFileSystem(directory: .documents),
    owner: "Vault",
    description: "Encrypted file data."
)
```

External key material

Register a provider and reference it in the policy:

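```swift
struct RemoteKeyProvider: KeyMaterialProviding {
    func keyMaterial(for keyName: String) async throws -> Data {
        // Placeholder: fixed bytes are not a secret. A real provider returns
        // key material obtained from its external source.
        Data(repeating: 1, count: 32)
    }
}

// Register the provider under a source identifier.
let source = KeyMaterialSource(id: "remote.key")
await StorageRouter.shared.registerKeyMaterialProvider(RemoteKeyProvider(), for: source)
```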
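
A provider that derives distinct material for each key name instead of returning fixed bytes, as an added example that is not part of LocalData or of the original page. `DerivedKeyProvider`, `fetchMasterSecret`, the salt value and the `LocalData` module name are assumptions; the only library API it relies on is the `KeyMaterialProviding` signature shown above, plus CryptoKit's HKDF.

```swift
import CryptoKit
import Foundation
import LocalData // module name assumed from the repository path

/// Hypothetical provider: derives per-key material from one master secret.
struct DerivedKeyProvider: KeyMaterialProviding, Sendable {
    enum ProviderError: Error {
        case masterSecretTooShort(Int)
    }

    /// Hypothetical hook that returns the master secret from wherever the app
    /// keeps it (for example a key-management service response).
    let fetchMasterSecret: @Sendable () async throws -> Data

    /// Non-secret, application-specific salt (constructed value).
    let salt = Data("com.myapp.localdata.v1".utf8)

    func keyMaterial(for keyName: String) async throws -> Data {
        let master = try await fetchMasterSecret()

        // Refuse short input rather than silently deriving a weak key.
        guard master.count >= 32 else {
            throw ProviderError.masterSecretTooShort(master.count)
        }

        // HKDF binds the output to keyName through `info`, so two storage
        // keys never share material even though they share a master secret.
        let derived = HKDF<SHA256>.deriveKey(
            inputKeyMaterial: SymmetricKey(data: master),
            salt: salt,
            info: Data(keyName.utf8),
            outputByteCount: 32 // same length as the page's placeholder provider
        )
        return derived.withUnsafeBytes { Data($0) }
    }
}
```

An instance is registered with the same `registerKeyMaterialProvider(_:for:)` call shown above, passing the closure that supplies the master secret.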