OZKeychainStorageAdapter

@available(iOS 13.0, macOS 10.15, *)
public final actor OZKeychainStorageAdapter : OZStorageAdapter

Persistent OZStorageAdapter backed by the iOS / macOS Keychain Services API.

Stores credential and session payloads as kSecClassGenericPassword items using the Security framework’s SecItem* primitives. Each entry is a UTF-8 JSON document keyed by a stable account name:

cred_<credentialId> for individual stored credentials,
credential_index for the JSON-encoded list of known credential IDs,
session_current for the active session.

All items are written with kSecAttrAccessibleAfterFirstUnlock so they survive app restarts but become inaccessible until the device is unlocked after a reboot.

Thread safety is provided by Swift Concurrency actor isolation, so all operations serialize even when invoked from multiple tasks.

Example:

let storage = OZKeychainStorageAdapter()
try await storage.save(credential: credential)
let loaded = try await storage.get(credentialId: credential.credentialId)

Important

On iOS Simulator and unsigned macOS test binaries, Keychain access requires the keychain-access-groups entitlement to be configured.

Show on GitHub

defaultServiceName
Default Keychain service name used as kSecAttrService for every item.

Consumers can override this via the initializer to scope the adapter to a different service identifier — useful when multiple isolated stores must coexist within the same app (for example, separate test scopes or per-tenant scoping).
Declaration
Swift

public static let defaultServiceName: String
Show on GitHub


                    
                    
                    init(serviceName:)

Initializes a new OZKeychainStorageAdapter.

Declaration

Swift

public init(serviceName: String = OZKeychainStorageAdapter.defaultServiceName)

Parameters


                                serviceName

Keychain service identifier (kSecAttrService). Defaults to OZKeychainStorageAdapter.defaultServiceName.

Show on GitHub


                    
                    
                    save(credential:)

Asynchronous

Declaration

Swift

public func save(credential: OZStoredCredential) async throws

Show on GitHub


                    
                    
                    get(credentialId:)

Asynchronous

Declaration

Swift

public func get(credentialId: String) async throws -> OZStoredCredential?

Show on GitHub


                    
                    
                    getByContract(contractId:)

Asynchronous

Declaration

Swift

public func getByContract(contractId: String) async throws -> [OZStoredCredential]

Show on GitHub


                    
                    
                    getAll()

Asynchronous

Declaration

Swift

public func getAll() async throws -> [OZStoredCredential]

Show on GitHub

delete(credentialId:) Asynchronous
Declaration
Swift

public func delete(credentialId: String) async throws
Show on GitHub


                    
                    
                    update(credentialId:updates:)

Asynchronous

Declaration

Swift

public func update(credentialId: String, updates: OZStoredCredentialUpdate) async throws

Show on GitHub

clear() Asynchronous
Declaration
Swift

public func clear() async throws
Show on GitHub


                    
                    
                    saveSession(_:)

Asynchronous

Declaration

Swift

public func saveSession(_ session: OZStoredSession) async throws

Show on GitHub


                    
                    
                    getSession()

Asynchronous

Declaration

Swift

public func getSession() async throws -> OZStoredSession?

Show on GitHub

clearSession() Asynchronous
Declaration
Swift

public func clearSession() async throws
Show on GitHub