appAttest
Secret delivery for iOS

Ship the app.
Not the keys.

Your API keys never ship inside your iOS app. AppAttest stores them and delivers each one at runtime — into the Keychain, and only after the install proves it's genuine.

iOS 17+ · Swift · React Native · Flutter · Capacitor
import AppAttest
// start once, at launch
AppAttest.start()
// read — synchronous, no await
let key = AppAttest.secrets["OPENAI_API_KEY"]
Your app asks AppAttest checks it's genuine key arrives in the Keychain
Attestation is iOS-only (iOS 17+). On cross-platform apps the bridges deliver secrets on the iOS side.
The problem today

A key in your code ships to everyone.

Any API key placed in your iOS source ends up inside the downloadable app — identical on every device, and readable straight out of the binary. Hiding or obfuscating it only slows someone down.

In the app bundle
YourApp.ipa
  ├─ Info.plist
  └─ Secrets.plist  sk_live_4f9c…
In a build config
// Secrets.xcconfig
API_KEY = sk_live_4f9c…
  ↳ baked into Info.plist
Hidden in code
// buried in the binary
let k = deobfuscate([0x73,0x6b…])

Anyone who downloads the app can unzip the .ipa and read the key straight out of the plist — plain text.

An .xcconfig is just another build input; its value lands in the shipped bundle, exposed just the same.

Obfuscation only buries it in the binary — strings, grep, or an LLM pull it back out in seconds.

How AppAttest works

From launch to your first secret.

1
Your app launches

At launch, the SDK requests a secret. Nothing sensitive is in the app — the request goes to AppAttest.

2
AppAttest + Apple verify the install

It uses Apple's App Attest to confirm this is your real, unmodified app on a real device — not a clone or a tampered build.

3
Secret delivered to the Keychain

Only then is the secret released — at runtime, into the Keychain, on that device only. It was never in the binary.

Blocked

Tampered builds, jailbroken clones, and copies pulled from another device fail the check and receive nothing.

Rotate

Change a secret in the dashboard and genuine installs pick up the new value on their next launch — no rebuild, no App Store review.

Genuine only

Delivered to your real app

Apple's App Attest confirms a genuine, unmodified install before any secret is released. Clones and tampered builds get nothing.

Never in the binary

Nothing to extract

Your secrets live in AppAttest, not your source. The app you upload to the App Store contains none of them.

Instant rotation

Change a key, no update

Rotate from the dashboard and genuine installs pick up the new value on next launch. No rebuild, no resubmission.

What you get
Swift SDK + bridges

Native Swift, plus React Native, Flutter, and Capacitor for cross-platform apps.

Dashboard

Manage apps, store and edit secrets, rotate keys, watch usage and billing.

Sandbox mode

Test the whole flow with debug builds before you go live.

Auto top-up

Prepaid credit refills before it runs out, so deliveries never stall.

Keep your keys out of your binary.

Add the SDK, store your first secret, and deliver it only to the installs that prove they're genuine.