From 5be1080e087faf837753b992135e70a749d64002 Mon Sep 17 00:00:00 2001 From: Matt Bruce Date: Sat, 17 Jan 2026 12:33:50 -0600 Subject: [PATCH] Update SecureStorageSample --- .../StorageKeys/AppGroup/AppGroupUserProfileKey.swift | 2 ++ .../StorageKeys/EncryptedFileSystem/SessionLogsKey.swift | 2 ++ .../StorageKeys/FileSystem/UserProfileFileKey.swift | 2 ++ SecureStorageSample/StorageKeys/Keychain/CredentialsKey.swift | 2 ++ .../StorageKeys/Platform/SyncableSettingKey.swift | 2 ++ 5 files changed, 10 insertions(+) diff --git a/SecureStorageSample/StorageKeys/AppGroup/AppGroupUserProfileKey.swift b/SecureStorageSample/StorageKeys/AppGroup/AppGroupUserProfileKey.swift index d43b82d..d6b8977 100644 --- a/SecureStorageSample/StorageKeys/AppGroup/AppGroupUserProfileKey.swift +++ b/SecureStorageSample/StorageKeys/AppGroup/AppGroupUserProfileKey.swift @@ -23,6 +23,8 @@ extension StorageKey where Value == UserProfile { ) /// Creates a version of the key for a different App Group directory. + /// Sample-only: production apps should avoid dynamic App Group configuration and + /// migrate when storage settings change. nonisolated static func appGroupUserProfileKey( directory: FileDirectory = .documents ) -> StorageKey { diff --git a/SecureStorageSample/StorageKeys/EncryptedFileSystem/SessionLogsKey.swift b/SecureStorageSample/StorageKeys/EncryptedFileSystem/SessionLogsKey.swift index 380b37c..21d90e1 100644 --- a/SecureStorageSample/StorageKeys/EncryptedFileSystem/SessionLogsKey.swift +++ b/SecureStorageSample/StorageKeys/EncryptedFileSystem/SessionLogsKey.swift @@ -17,6 +17,8 @@ extension StorageKey where Value == [String] { ) /// Builds a variant with a custom PBKDF2 iteration count for demo purposes. + /// Sample-only: production apps should treat encryption parameters as fixed and + /// perform a migration if they must change. nonisolated static func sessionLogsKey(iterations: Int) -> StorageKey { StorageKey( name: "session_logs.json", diff --git a/SecureStorageSample/StorageKeys/FileSystem/UserProfileFileKey.swift b/SecureStorageSample/StorageKeys/FileSystem/UserProfileFileKey.swift index ba66371..1f15c00 100644 --- a/SecureStorageSample/StorageKeys/FileSystem/UserProfileFileKey.swift +++ b/SecureStorageSample/StorageKeys/FileSystem/UserProfileFileKey.swift @@ -17,6 +17,8 @@ extension StorageKey where Value == UserProfile { ) /// Builds a profile key for an alternate file directory. + /// Sample-only: production apps should keep directory decisions static; if the + /// storage domain changes, migrate instead of toggling the key at runtime. nonisolated static func userProfileFileKey(directory: FileDirectory = .documents) -> StorageKey { StorageKey( name: UserProfile.storageKeyName, diff --git a/SecureStorageSample/StorageKeys/Keychain/CredentialsKey.swift b/SecureStorageSample/StorageKeys/Keychain/CredentialsKey.swift index 908363f..c7fef60 100644 --- a/SecureStorageSample/StorageKeys/Keychain/CredentialsKey.swift +++ b/SecureStorageSample/StorageKeys/Keychain/CredentialsKey.swift @@ -18,6 +18,8 @@ extension StorageKey where Value == Credential { ) /// Builds a key with custom Keychain accessibility or access control options. + /// Sample-only: production apps should not allow dynamic key configuration; treat + /// StorageKey settings as fixed and migrate if security policies change. nonisolated static func credentialsKey( accessibility: KeychainAccessibility = .afterFirstUnlock, accessControl: KeychainAccessControl? = nil diff --git a/SecureStorageSample/StorageKeys/Platform/SyncableSettingKey.swift b/SecureStorageSample/StorageKeys/Platform/SyncableSettingKey.swift index 99beb9f..3e431fc 100644 --- a/SecureStorageSample/StorageKeys/Platform/SyncableSettingKey.swift +++ b/SecureStorageSample/StorageKeys/Platform/SyncableSettingKey.swift @@ -17,6 +17,8 @@ extension StorageKey where Value == String { ) /// Builds a variant to demonstrate different availability and sync policies. + /// Sample-only: production apps should keep availability and sync policies static; + /// if these change, migrate the data rather than altering the key at runtime. nonisolated static func syncableSettingKey( availability: PlatformAvailability = .all, syncPolicy: SyncPolicy = .never