MIT License
This project demonstrates using encrypted values with CloudKit and iCloud containers. CloudKit encrypts data with key material stored in a customer’s iCloud Keychain. If a customer loses access to their iCloud Keychain, CloudKit cannot access the key material previously used to encrypt data stored in the cloud, meaning that data can no longer be decrypted and accessed by the customer. More information about this is covered in the “Error Handling” section below.
containerIdentifier property in Config.swift with your new iCloud container ID.
This project only differs very slightly from other samples, in that it uses the encryptedValues property of CKRecord in two places.
Setting the phoneNumber value in ViewModel.swift addContact:
contactRecord.encryptedValues["phoneNumber"] = phoneNumber
…and retrieving the phoneNumber value (in Contact.swift Contact.init(record:)):
let phoneNumber = record.encryptedValues["phoneNumber"] as? String
You can confirm that the value is encrypted by viewing the schema in CloudKit Dashboard and confirming that the phoneNumber custom field under the Contact type shows “Encrypted Bytes” for its “Field Type”.
CKReference fields cannot be encrypted.
CKAsset fields are encrypted by default, and therefore should not be set as encryptedValues fields.
CKRecordID, CKRecordZoneID or any other data type that is not one of NSString, NSNumber, NSDate, NSData, CLLocation and NSArray cannot be set as encryptedValues fields.
handleError function, where a CKError with a zoneNotFound code may have a CKErrorUserDidResetEncryptedDataKey NSNumber value in the userInfo dictionary.
tearDown functions.
This project uses Swift concurrency APIs. A prior completionHandler-based implementation has been tagged pre-async.
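The zoneNotFound check mentioned in the handleError note above, written out as an added example (this is not the sample project's own code). The enum and function names are hypothetical, the sample errors are constructed, and the handling of partialFailure goes one step beyond the single case the text names.

```swift
import CloudKit
import Foundation

/// What a failed CloudKit operation means for encrypted data (illustrative names).
enum ZoneErrorAction: Equatable {
    case encryptedDataWasReset   // key material is gone; server copies cannot be decrypted
    case zoneMissing             // zone absent for some other reason
    case unrelated
}

/// Inspects an error, including the per-item errors of a partial failure,
/// for the zoneNotFound + CKErrorUserDidResetEncryptedDataKey combination.
@available(iOS 15.0, macOS 12.0, tvOS 15.0, watchOS 8.0, *)
func classifyZoneError(_ error: Error) -> ZoneErrorAction {
    guard let ckError = error as? CKError else { return .unrelated }

    switch ckError.code {
    case .zoneNotFound:
        // The value is an NSNumber wrapping a Bool; a missing key means "not a reset".
        let flag = ckError.userInfo[CKErrorUserDidResetEncryptedDataKey] as? NSNumber
        return flag?.boolValue == true ? .encryptedDataWasReset : .zoneMissing

    case .partialFailure:
        // Batch operations report one error per item; the most severe result wins.
        let results = (ckError.partialErrorsByItemID ?? [:]).values.map(classifyZoneError)
        if results.contains(.encryptedDataWasReset) { return .encryptedDataWasReset }
        return results.contains(.zoneMissing) ? .zoneMissing : .unrelated

    default:
        return .unrelated
    }
}

// Constructed sample errors (not captured from a real container).
if #available(iOS 15.0, macOS 12.0, tvOS 15.0, watchOS 8.0, *) {
    let reset = NSError(domain: CKErrorDomain,
                        code: CKError.Code.zoneNotFound.rawValue,
                        userInfo: [CKErrorUserDidResetEncryptedDataKey: NSNumber(value: true)])
    let plain = NSError(domain: CKErrorDomain,
                        code: CKError.Code.zoneNotFound.rawValue,
                        userInfo: [:])
    print(classifyZoneError(reset))
    print(classifyZoneError(plain))
}
```

Keeping the reset case distinct from an ordinary missing zone lets the app tell the user that previously stored encrypted values are unrecoverable instead of silently recreating the zone.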