### Example YAML Configuration for Swift Confidential Source: https://github.com/securevale/swift-confidential/blob/master/README.md This snippet demonstrates how to configure Swift Confidential with custom namespaces and algorithms. It shows how to define a default namespace and specify unique algorithms for individual secrets, including using 'random' for dynamic algorithm selection. ```yaml algorithm: - encrypt using aes-192-gcm - shuffle defaultNamespace: create ObfuscatedLiterals secrets: - name: apiKey value: 214C1E2E-A87E-4460-8205-4562FDF54D1C algorithm: random - name: trustedSPKIDigests value: - 7a6820614ee600bbaed493522c221c0d9095f3b4d7839415ffab16cbf61767ad - cf84a70a41072a42d0f25580b5cb54d6a9de45db824bbb7ba85d541b099fd49f - c1a5d45809269301993d028313a5c4a5d8b2f56de9725d4d1af9da1ccf186f30 # ... other secret definitions ``` -------------------------------- ### Xcode Installation for Swift Confidential Source: https://github.com/securevale/swift-confidential/blob/master/README.md Integrate Swift Confidential packages into your Xcode project and configure the build tool plugin. Do not add the configuration file to any Xcode targets. ```text * Add `swift-confidential` and `swift-confidential-plugin` packages to your Xcode project. Please refer to the [official documentation](https://developer.apple.com/documentation/xcode/adding-package-dependencies-to-your-app) for step-by-step instructions on how to add package dependencies. When asked to choose `swift-confidential` package products to be added to your target, make sure to select the `ConfidentialKit` library. * Then, navigate to your target’s `Build Phases` pane, and in the `Run Build Tool Plug-ins` section, click the `+` button, select the `Confidential` plugin, and click the `Add` button. ``` -------------------------------- ### SwiftPM Installation for Swift Confidential Source: https://github.com/securevale/swift-confidential/blob/master/README.md Add Swift Confidential and its plugin to your SwiftPM package dependencies and target. Ensure the configuration file is excluded from target resources. ```swift // swift-tools-version: 6.0 import PackageDescription let package = Package( // name, platforms, products, etc. dependencies: [ // other dependencies .package(url: "https://github.com/securevale/swift-confidential.git", .upToNextMinor(from: "0.5.0")), .package(url: "https://github.com/securevale/swift-confidential-plugin.git", .upToNextMinor(from: "0.5.0")) ], targets: [ .target( name: "MyLibrary", dependencies: [ // other dependencies .product(name: "ConfidentialKit", package: "swift-confidential") ], exclude: ["confidential.yml"], plugins: [ // other plugins .plugin(name: "Confidential", package: "swift-confidential-plugin") ] ) ] ) ``` -------------------------------- ### Generated Swift Code for Obfuscated Literals Source: https://github.com/securevale/swift-confidential/blob/master/README.md Example of Swift code generated by Swift Confidential. It defines enums with obfuscated literals, ready for use in your application. ```swift import ConfidentialKit internal enum ObfuscatedLiterals { internal static #Obfuscate(algorithm: .random) { let suspiciousDynamicLibraries = [ "Substrate", "Substitute", "FridaGadget", // ... other suspicious dylibs ] let suspiciousFilePaths = [ "/.installed_unc0ver", "/usr/sbin/frida-server", "/private/var/lib/cydia", // ... other suspicious file paths ] } } ``` -------------------------------- ### Create Symbolic Link for Configuration File Source: https://github.com/securevale/swift-confidential/blob/master/README.md Use symbolic links to reference a configuration file located outside your SwiftPM target or Xcode project. This is useful for git submodules or sharing a single configuration across multiple targets. ```sh ln -s ../path/to/source/confidential.yml ./path/to/symlink/confidential.yml ``` -------------------------------- ### YAML Syntax for Compression Source: https://github.com/securevale/swift-confidential/blob/master/README.md Specify the compression algorithm to be used by the Confidential plugin. Supported algorithms include lzfse, lz4, lzma, and zlib. ```yaml compress using <#algorithm#> ``` -------------------------------- ### Using Experimental Mode with _ConfidentialKit Source: https://github.com/securevale/swift-confidential/blob/master/README.md For experimental API usage, change your target dependency from `ConfidentialKit` to `_ConfidentialKit` in your SwiftPM and/or Xcode targets. This requires a Swift 6 toolchain. ```text In the applicable SwiftPM and/or Xcode targets, change your target dependency from the `ConfidentialKit` to the `_ConfidentialKit` (note the leading underscore) library. ``` -------------------------------- ### Add SwiftPM Product Dependency Source: https://github.com/securevale/swift-confidential/blob/master/README.md Add the ConfidentialKit library as a product dependency to your target in Package.swift. ```swift .product(name: "ConfidentialKit", package: "swift-confidential") ``` -------------------------------- ### Using Deobfuscated Secrets in Swift Source: https://github.com/securevale/swift-confidential/blob/master/README.md Demonstrates how to access and use the deobfuscated secret literals, such as suspicious dynamic libraries, within your Swift code for security checks. ```swift let suspiciousLibraries = ObfuscatedLiterals.$suspiciousDynamicLibraries .map { $0.lowercased() } let checkPassed = loadedLibraries .allSatisfy { !suspiciousLibraries.contains(where: $0.lowercased().contains) } ``` -------------------------------- ### Enabling Experimental Mode in confidential.yml Source: https://github.com/securevale/swift-confidential/blob/master/README.md Enable experimental features for YAML-based obfuscation by setting `experimentalMode` to `true` in your `confidential.yml` configuration file. ```yaml experimentalMode: true ``` -------------------------------- ### Create a New Namespace Source: https://github.com/securevale/swift-confidential/blob/master/README.md Use this YAML syntax to create a new namespace for generated secret literals. ```yaml create ObfuscatedLiterals ``` -------------------------------- ### YAML Syntax for Randomization Source: https://github.com/securevale/swift-confidential/blob/master/README.md Enable data randomization for obfuscation. This technique is best suited for secrets up to 256 bytes due to potential size increases for larger data. ```yaml shuffle ``` -------------------------------- ### Add SwiftPM Package Dependency Source: https://github.com/securevale/swift-confidential/blob/master/README.md Add the swift-confidential package dependency to your Package.swift file. Ensure you use a compatible version. ```swift .package(url: "https://github.com/securevale/swift-confidential.git", .upToNextMinor(from: "0.5.0")) ``` -------------------------------- ### Extend an Existing Namespace Source: https://github.com/securevale/swift-confidential/blob/master/README.md Use this YAML syntax to extend an existing namespace, optionally specifying the module. ```yaml extend Pinning from Crypto ``` -------------------------------- ### Configure Default Namespace and Access Modifier Source: https://github.com/securevale/swift-confidential/blob/master/README.md YAML configuration to set a default namespace and access modifier for secrets. All secrets will be generated with 'package' access within the 'ObfuscatedLiterals' namespace. ```yaml defaultNamespace: create ObfuscatedLiterals defaultAccessModifier: package secrets: - name: apiKey value: 214C1E2E-A87E-4460-8205-4562FDF54D1C - name: trustedSPKIDigests value: - 7a6820614ee600bbaed493522c221c0d9095f3b4d7839415ffab16cbf61767ad - cf84a70a41072a42d0f25580b5cb54d6a9de45db824bbb7ba85d541b099fd49f - c1a5d45809269301993d028313a5c4a5d8b2f56de9725d4d1af9da1ccf186f30 ``` -------------------------------- ### Disable Macro and Package Plugin Validations with Xcode Defaults Source: https://github.com/securevale/swift-confidential/blob/master/README.md Set Xcode defaults to disable macro and package plugin validations. This is an alternative to using `xcodebuild` options for CI/CD. ```sh defaults write com.apple.dt.Xcode IDESkipMacroFingerprintValidation -bool YES defaults write com.apple.dt.Xcode IDESkipPackagePluginFingerprintValidatation -bool YES ``` -------------------------------- ### Generated Swift Code for New Namespace Source: https://github.com/securevale/swift-confidential/blob/master/README.md This Swift code is generated when a new namespace is created using the 'create' YAML syntax. ```swift import ConfidentialKit internal enum ObfuscatedLiterals { // Encapsulated declarations ... } ``` -------------------------------- ### YAML Syntax for Encryption Source: https://github.com/securevale/swift-confidential/blob/master/README.md Specify the encryption algorithm for data obfuscation. The plugin supports various AES modes and ChaCha20-Poly1305. ```yaml encrypt using <#algorithm#> ``` -------------------------------- ### Generated Swift Code with Package Access Modifier Source: https://github.com/securevale/swift-confidential/blob/master/README.md Swift code generated from the YAML configuration, demonstrating 'package' access modifiers for declarations within the 'ObfuscatedLiterals' namespace. ```swift import ConfidentialKit package enum ObfuscatedLiterals { package static #Obfuscate(algorithm: .custom([.encrypt(algorithm: .aes192GCM), .shuffle])) { let apiKey = "214C1E2E-A87E-4460-8205-4562FDF54D1C" let trustedSPKIDigests = ["7a6820614ee600bbaed493522c221c0d9095f3b4d7839415ffab16cbf61767ad", "cf84a70a41072a42d0f25580b5cb54d6a9de45db824bbb7ba85d541b099fd49f", "c1a5d45809269301993d028313a5c4a5d8b2f56de9725d4d1af9da1ccf186f30"] } } ``` -------------------------------- ### Swift Confidential CLI Command Source: https://github.com/securevale/swift-confidential/blob/master/README.md Command to invoke the swift-confidential CLI tool for obfuscating secrets based on a YAML configuration. Ensure the configuration path and output directory are correctly specified. ```sh swift-confidential obfuscate --configuration "path/to/confidential.yml" --output "${PLUGIN_WORK_DIRECTORY}/ObfuscatedSources/Confidential.generated.swift" ``` -------------------------------- ### Obfuscate String Literals with Default Algorithm Source: https://github.com/securevale/swift-confidential/blob/master/README.md Use the Obfuscate macro to obfuscate single or multiple string literals within a namespace. A random obfuscation algorithm is used by default. ```swift import ConfidentialKit enum ObfuscatedLiterals { static #Obfuscate { // You can obfuscate a single string literal: let helloMessage = "Hello, Obfuscation!" // , or an array of string literals: let helloMessageWords = ["Hello", "Obfuscation"] } static #Obfuscate(algorithm: .custom([.encrypt(algorithm: .aes192GCM), .shuffle])) { let errorMessage = "404: World Not Found" } } ``` -------------------------------- ### YAML for List of Secret Literals Source: https://github.com/securevale/swift-confidential/blob/master/README.md Defines a list of secret literals for obfuscation, including multiple string values for trusted SPKI digests. ```yaml name: trustedSPKIDigests value: - 7a6820614ee600bbaed493522c221c0d9095f3b4d7839415ffab16cbf61767ad - cf84a70a41072a42d0f25580b5cb54d6a9de45db824bbb7ba85d541b099fd49f - c1a5d45809269301993d028313a5c4a5d8b2f56de9725d4d1af9da1ccf186f30 accessModifier: public namespace: extend Pinning from Crypto ``` -------------------------------- ### Generated Swift Code for Extended Namespace Source: https://github.com/securevale/swift-confidential/blob/master/README.md This Swift code is generated when extending an existing namespace with a specified module. ```swift import ConfidentialKit import Crypto extension Crypto.Pinning { // Encapsulated declarations ... } ``` -------------------------------- ### Disable Macro and Package Plugin Validations with Xcodebuild Source: https://github.com/securevale/swift-confidential/blob/master/README.md Use these options with `xcodebuild` to disable macro and package plugin validations for unattended use in CI/CD environments. ```sh -skipMacroValidation -skipPackagePluginValidation ``` -------------------------------- ### YAML Configuration for Secrets Source: https://github.com/securevale/swift-confidential/blob/master/README.md Define secret literals in a YAML file for centralized management. This is useful for projects with many RASP-related literals or pins. ```yaml defaultNamespace: create ObfuscatedLiterals secrets: - name: suspiciousDynamicLibraries value: - Substrate - Substitute - FridaGadget # ... other suspicious dylibs - name: suspiciousFilePaths value: - "/.installed_unc0ver" - "/usr/sbin/frida-server" - "/private/var/lib/cydia" # ... other suspicious file paths ``` -------------------------------- ### YAML for Single Secret Literal Source: https://github.com/securevale/swift-confidential/blob/master/README.md Defines a single secret literal for obfuscation, specifying its name, value, access modifier, and namespace. ```yaml name: secretVaultKeyTag value: com.example.app.keys.secret_vault_private_key accessModifier: internal namespace: extend KeychainAccess.Key from Crypto ``` -------------------------------- ### Generated Swift Code for List of Secrets Source: https://github.com/securevale/swift-confidential/blob/master/README.md Swift code generated from the YAML definition for a list of secret literals. It obfuscates an array of strings. ```swift import ConfidentialKit import Crypto extension Crypto.Pinning { public static #Obfuscate(algorithm: .random) { let trustedSPKIDigests = ["7a6820614ee600bbaed493522c221c0d9095f3b4d7839415ffab16cbf61767ad", "cf84a70a41072a42d0f25580b5cb54d6a9de45db824bbb7ba85d541b099fd49f", "c1a5d45809269301993d028313a5c4a5d8b2f56de9725d4d1af9da1ccf186f30"] } } ``` -------------------------------- ### Generated Swift Code for Single Secret Source: https://github.com/securevale/swift-confidential/blob/master/README.md Swift code generated from the YAML definition for a single secret literal. It uses the #Obfuscate macro for obfuscation. ```swift import ConfidentialKit import Crypto extension Crypto.KeychainAccess.Key { internal static #Obfuscate(algorithm: .random) { let secretVaultKeyTag = "com.example.app.keys.secret_vault_private_key" } } ``` -------------------------------- ### Access Deobfuscated Secret Literal Source: https://github.com/securevale/swift-confidential/blob/master/README.md Access the deobfuscated value of a secret literal using its projected value, denoted by the '$' prefix. ```swift print(ObfuscatedLiterals.$helloMessage) ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.