accessControlFlags property

List<AccessControlFlag> accessControlFlags
final

Keychain access control flags define security conditions for accessing items. These flags can be combined to create custom security policies.

Using Logical Operators:

  • Use AccessControlFlag.or to allow access if any of the specified conditions are met.
  • Use AccessControlFlag.and to require that all specified conditions are met.

Rules for Combining Flags:

  • Only one logical operator (or or and) can be used per combination.
  • Logical operators should be placed after the security constraints.

Supported Flags:

  • userPresence: Requires user authentication via biometrics or passcode.
  • biometryAny: Allows access with any enrolled biometrics.
  • biometryCurrentSet: Requires currently enrolled biometrics.
  • devicePasscode: Requires device passcode authentication.
  • watch: Allows access with a paired Apple Watch.
  • privateKeyUsage: Enables use of a private key for signing operations.
  • applicationPassword: Uses an app-defined password for encryption.

Implementation

final List<AccessControlFlag> accessControlFlags;