by itsbonczek 4641 days ago
If you need keychain access while the device is locked, using "kSecAttrAccessibleAfterFirstUnlock" is definitely recommended over "kSecAttrAccessibleAlways." I don't remember where I heard this (possibly a WWDC video), but I think most attack vectors require the phone to be restarted to work. Maybe someone with more knowledge on iOS security can chime in with details.

Or "kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly" if you're OK with the secret not transferring to another device. This prevents the secret from being exposed in a password-protected backup or an iCloud backup.
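
The accessibility classes discussed in this thread, as an added example that is not code from either commenter: a Swift sketch that stores a generic-password item with `kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly`, migrates an existing item (for instance one saved earlier with `kSecAttrAccessibleAlways`) to that class, and tells "device not yet unlocked since boot" apart from "item missing" on read. The service and account strings are hypothetical.

```swift
import Foundation
import Security

// Hypothetical identifiers, chosen for this example only.
let service = "com.example.app.sync-token"
let account = "default"

// Attributes that identify the item, shared by add, update and lookup.
func identity() -> [String: Any] {
    return [kSecClass as String: kSecClassGenericPassword,
            kSecAttrService as String: service,
            kSecAttrAccount as String: account]
}

// Store the secret so it is readable while the device is locked (after the
// first unlock since boot) and is never restored onto a different device.
func storeSecret(_ secret: Data) -> OSStatus {
    let wanted = kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly
    var add = identity()
    add[kSecValueData as String] = secret
    add[kSecAttrAccessible as String] = wanted

    let status = SecItemAdd(add as CFDictionary, nil)
    guard status == errSecDuplicateItem else { return status }

    // An item already exists, possibly with a weaker accessibility class:
    // update the value and the class together instead of leaving it as-is.
    let changes: [String: Any] = [kSecValueData as String: secret,
                                  kSecAttrAccessible as String: wanted]
    return SecItemUpdate(identity() as CFDictionary, changes as CFDictionary)
}

enum LoadResult { case value(Data), lockedSinceBoot, missing, failed(OSStatus) }

// Read the secret back, separating the expected post-reboot failure
// from a missing item so callers can retry instead of re-provisioning.
func loadSecret() -> LoadResult {
    var query = identity()
    query[kSecReturnData as String] = true
    query[kSecMatchLimit as String] = kSecMatchLimitOne
    var out: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &out)
    switch status {
    case errSecSuccess: if let d = out as? Data { return .value(d) }; return .failed(status)
    case errSecInteractionNotAllowed: return .lockedSinceBoot  // before first unlock
    case errSecItemNotFound: return .missing
    default: return .failed(status)
    }
}
```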