Securely store credentials safely in iOS

February 20, 2019

If you're building an app chances are it requires some sort of authentication. Typically you would perform network calls an pass in a Authorization token that you've stored after login and it persists through the app.

The struggle is how do you save it securely? (Don't use UserDefaults!)

Apple has this concept called Keychains. Keychain is a secure storage. You can store all kind of sensitive data in it: user passwords, credit card numbers, secret tokens etc. Once stored in Keychain this information is only available to your app, other apps can't see it. Besides that, operating system makes sure this information is kept and processed securely.

Alright, enough with the theory, how do I do it?

Easy!

  1. Install a library to make your life a lot easier

    pod 'KeychainAccess'
  2. Start using it!

import KeychainAccess

...

let keychain = Keychain(service: "<Your App ID>")

// Saving information
keychain["oauthToken"] = "43fdg9234-sr43gdsa243"

// Retrieving information
print(keychain["oauthToken"]) // 43fdg9234-sr43gdsa243
...