Skip to content

AccessControlFlag

Inherits: Enum

Keychain access control flags that define security conditions for accessing items.

These flags can be combined to create complex access control policies using the access_control_flags parameter in IOSOptions or MacOsOptions.

Rules for combining flags
  • Use AccessControlFlag.OR to allow access if any condition is met
  • Use AccessControlFlag.AND to require that all specified conditions are met
  • Only one logical operator (OR/AND) can be used per combination

Properties

  • AND

    Combine multiple constraints with an AND operation.

  • APPLICATION_PASSWORD

    Use an application-provided password for encryption.

  • BIOMETRY_ANY

    Constraint to access an item with biometrics (Touch ID/Face ID).

  • BIOMETRY_CURRENT_SET

    Constraint to access an item with the currently enrolled biometrics.

  • DEVICE_PASSCODE

    Constraint to access an item with a passcode.

  • OR

    Combine multiple constraints with an OR operation.

  • PRIVATE_KEY_USAGE

    Enable private key usage for signing operations.

  • USER_PRESENCE

    Constraint to access an item with either biometry or passcode.

  • WATCH

    Constraint to access an item with a paired watch.

Properties#

AND = 'and' class-attribute instance-attribute #

Combine multiple constraints with an AND operation.

APPLICATION_PASSWORD = 'applicationPassword' class-attribute instance-attribute #

Use an application-provided password for encryption.

BIOMETRY_ANY = 'biometryAny' class-attribute instance-attribute #

Constraint to access an item with biometrics (Touch ID/Face ID).

BIOMETRY_CURRENT_SET = 'biometryCurrentSet' class-attribute instance-attribute #

Constraint to access an item with the currently enrolled biometrics.

DEVICE_PASSCODE = 'devicePasscode' class-attribute instance-attribute #

Constraint to access an item with a passcode.

OR = 'or' class-attribute instance-attribute #

Combine multiple constraints with an OR operation.

PRIVATE_KEY_USAGE = 'privateKeyUsage' class-attribute instance-attribute #

Enable private key usage for signing operations.

USER_PRESENCE = 'userPresence' class-attribute instance-attribute #

Constraint to access an item with either biometry or passcode.

WATCH = 'watch' class-attribute instance-attribute #

Constraint to access an item with a paired watch.

Usage example#

Require biometrics OR device passcode:

options = IOSOptions(
    access_control_flags=[
        AccessControlFlag.BIOMETRY_ANY,
        AccessControlFlag.OR,
        AccessControlFlag.DEVICE_PASSCODE
    ]
)