Skip to main content

AccessControlFlag

Keychain access control flags that define security conditions for accessing items.

These flags can be combined to create complex access control policies using the access_control_flags parameter in IOSOptions or MacOsOptions.

Rules for combining flags:

  • Use AccessControlFlag.OR to allow access if any condition is met
  • Use AccessControlFlag.AND to require that all specified conditions are met
  • Only one logical operator (OR/AND) can be used per combination

Inherits: enum.Enum

Properties

  • AND - Combine multiple constraints with an AND operation.
  • APPLICATION_PASSWORD - Use an application-provided password for encryption.
  • BIOMETRY_ANY - Constraint to access an item with biometrics (Touch ID/Face ID).
  • BIOMETRY_CURRENT_SET - Constraint to access an item with the currently enrolled biometrics.
  • DEVICE_PASSCODE - Constraint to access an item with a passcode.
  • OR - Combine multiple constraints with an OR operation.
  • PRIVATE_KEY_USAGE - Enable private key usage for signing operations.
  • USER_PRESENCE - Constraint to access an item with either biometry or passcode.
  • WATCH - Constraint to access an item with a paired watch.

Properties

ANDclass-attributeinstance-attribute

Combine multiple constraints with an AND operation.

APPLICATION_PASSWORDclass-attributeinstance-attribute

Use an application-provided password for encryption.

BIOMETRY_ANYclass-attributeinstance-attribute

Constraint to access an item with biometrics (Touch ID/Face ID).

BIOMETRY_CURRENT_SETclass-attributeinstance-attribute

Constraint to access an item with the currently enrolled biometrics.

DEVICE_PASSCODEclass-attributeinstance-attribute

Constraint to access an item with a passcode.

ORclass-attributeinstance-attribute

Combine multiple constraints with an OR operation.

PRIVATE_KEY_USAGEclass-attributeinstance-attribute

Enable private key usage for signing operations.

USER_PRESENCEclass-attributeinstance-attribute

Constraint to access an item with either biometry or passcode.

WATCHclass-attributeinstance-attribute

Constraint to access an item with a paired watch.

Usage example

Require biometrics OR device passcode:

options = IOSOptions(
    access_control_flags=[
        AccessControlFlag.BIOMETRY_ANY,
        AccessControlFlag.OR,
        AccessControlFlag.DEVICE_PASSCODE
    ]
)