Symlink to Package.swift

* Update README.md

* Enhance README with attestation visibility details

* Update README to clarify build process and attestations

.github/templates/release.md

@@ -0,0 +1,16 @@
+Update description
+
+## Features
+
+
+## Fixes
+
+
+## Minimum macOS Version
+
+
+## Build
+https://github.com/maxgoedjen/secretive/actions/runs/RUN_ID
+
+## Attestation
+https://github.com/maxgoedjen/secretive/attestations/ATTESTATION_ID

.github/workflows/nightly.yml

@@ -9,7 +9,7 @@ jobs:
     runs-on: macos-15
     timeout-minutes: 10
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
     - name: Setup Signing
       env: 
         SIGNING_DATA: ${{ secrets.SIGNING_DATA }}
@@ -20,7 +20,7 @@ jobs:
         APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
       run: ./.github/scripts/signing.sh
     - name: Set Environment
-      run: sudo xcrun xcode-select -s /Applications/Xcode_26_beta_5.app
+      run: sudo xcrun xcode-select -s /Applications/Xcode_26.0.app
     - name: Update Build Number
       env:
         RUN_ID: ${{ github.run_id }}
@@ -39,14 +39,11 @@ jobs:
         APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
         APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
       run: xcrun notarytool submit --key ~/.private_keys/AuthKey_$APPLE_API_KEY_ID.p8 --key-id $APPLE_API_KEY_ID --issuer $APPLE_API_ISSUER Secretive.zip
-    - name: Document SHAs
+    - name: Attest
-      run: |
+      id: attest
-            echo "sha-512:"
+      uses: actions/attest-build-provenance@v2
-            shasum -a 512 Secretive.zip
+      with:
-            shasum -a 512 Archive.zip
+        subject-path: 'Secretive.zip'
-            echo "sha-256:"
-            shasum -a 256 Secretive.zip
-            shasum -a 256 Archive.zip
     - name: Upload App to Artifacts
       uses: actions/upload-artifact@v4
       with:

.github/workflows/release.yml

@@ -10,7 +10,7 @@ jobs:
     runs-on: macos-15
     timeout-minutes: 10
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
     - name: Setup Signing
       env: 
         SIGNING_DATA: ${{ secrets.SIGNING_DATA }}
@@ -21,18 +21,19 @@ jobs:
         APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
       run: ./.github/scripts/signing.sh
     - name: Set Environment
-      run: sudo xcrun xcode-select -s /Applications/Xcode_26_beta_5.app	
+      run: sudo xcrun xcode-select -s /Applications/Xcode_26.0.app
     - name: Test
-      run: |
+      run: swift build --build-system swiftbuild --package-path Sources/Packages
-            pushd Sources/Packages
-            swift test
-            popd
   build:
 #     runs-on: macOS-latest
     runs-on: macos-15
+    permissions:
+      id-token: write
+      contents: write
+      attestations: write
     timeout-minutes: 10
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
     - name: Setup Signing
       env: 
         SIGNING_DATA: ${{ secrets.SIGNING_DATA }}
@@ -43,7 +44,7 @@ jobs:
         APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
       run: ./.github/scripts/signing.sh
     - name: Set Environment
-      run: sudo xcrun xcode-select -s /Applications/Xcode_26_beta_5.app	
+      run: sudo xcrun xcode-select -s /Applications/Xcode_26.0.app
     - name: Update Build Number
       env:
         TAG_NAME: ${{ github.ref }}
@@ -58,54 +59,29 @@ jobs:
     - name: Create ZIPs
       run: |
             ditto -c -k --sequesterRsrc --keepParent Archive.xcarchive/Products/Applications/Secretive.app ./Secretive.zip
-            ditto -c -k --sequesterRsrc --keepParent Archive.xcarchive ./Archive.zip
+            ditto -c -k --sequesterRsrc --keepParent Archive.xcarchive ./Xcode_Archive.zip
     - name: Notarize
       env: 
         APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
         APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
       run: xcrun notarytool submit --key ~/.private_keys/AuthKey_$APPLE_API_KEY_ID.p8 --key-id $APPLE_API_KEY_ID --issuer $APPLE_API_ISSUER Secretive.zip
-    - name: Document SHAs
+    - name: Attest
-      run: |
+      id: attest
-            echo "sha-512:"
+      uses: actions/attest-build-provenance@v2
-            shasum -a 512 Secretive.zip
+      with:
-            shasum -a 512 Archive.zip
+        subject-path: 'Secretive.zip, Xcode_Archive.zip'
-            echo "sha-256:"
-            shasum -a 256 Secretive.zip
-            shasum -a 256 Archive.zip
     - name: Create Release
-      id: create_release
+      run: |
-      uses: actions/create-release@v1
+            sed -i.tmp "s/RUN_ID/$RUN_ID/g" .github/templates/release.md
+            sed -i.tmp "s/ATTESTATION_ID/$ATTESTATION_ID/g" .github/templates/release.md
+            gh release create $TAG_NAME -d -F .github/templates/release.md
+            gh release upload Secretive.zip
+            gh release upload Xcode_Archive.zip
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      with:
+        TAG_NAME: ${{ github.ref }}
-        tag_name: ${{ github.ref }}
+        RUN_ID: ${{ github.run_id }}
-        release_name: ${{ github.ref }}
+        ATTESTATION_ID: ${{ steps.attest.outputs.attestation-id }}
-        body: |
-          Update description
-
-          ## Features
-
-
-          ## Fixes
-
-
-          ## Minimum macOS Version
-
-
-          ## Build
-          https://github.com/maxgoedjen/secretive/actions/runs/${{ github.run_id }}
-        draft: true
-        prerelease: false
-    - name: Upload App to Release
-      id: upload-release-asset-app
-      uses: actions/upload-release-asset@v1.0.1
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      with:
-        upload_url: ${{ steps.create_release.outputs.upload_url }}
-        asset_path: ./Secretive.zip
-        asset_name: Secretive.zip
-        asset_content_type: application/zip
     - name: Upload App to Artifacts
       uses: actions/upload-artifact@v4
       with:
@@ -115,4 +91,4 @@ jobs:
       uses: actions/upload-artifact@v4
       with:
         name: Xcode_Archive.zip
-        path: Archive.zip
+        path: Xcode_Archive.zip

.github/workflows/test.yml

@@ -7,11 +7,8 @@ jobs:
     runs-on: macos-15
     timeout-minutes: 10
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
     - name: Set Environment
-      run: sudo xcrun xcode-select -s /Applications/Xcode_26_beta_5.app	
+      run: sudo xcrun xcode-select -s /Applications/Xcode_26.0.app
     - name: Test
-      run: |
+      run: swift build --build-system swiftbuild --package-path Sources/Packages
-            pushd Sources/Packages
-            swift test
-            popd

Package.swift

@@ -0,0 +1 @@
+Sources/Packages/Package.swift

README.md

@@ -49,7 +49,7 @@ There's a [FAQ here](FAQ.md).
 
 ### Auditable Build Process
 
-Builds are produced by GitHub Actions with an auditable build and release generation process. Each build has a "Document SHAs" step, which will output SHA checksums for the build produced by the GitHub Action, so you can verify that the source code for a given build corresponds to any given release.
+Builds are produced by GitHub Actions with an auditable build and release generation process. Starting with Secretive 3.0, builds are attested using [GitHub Artifact Attestation](https://docs.github.com/en/actions/concepts/security/artifact-attestations). Attestations are viewable in the build log for a build, and also on the [main attestation page](https://github.com/maxgoedjen/secretive/attestations).
 
 ### A Note Around Code Signing and Keychains
 

Sources/Packages/Package.swift

@@ -5,6 +5,7 @@ import PackageDescription
 
 let package = Package(
     name: "SecretivePackages",
+    defaultLocalization: "en",
     platforms: [
         .macOS(.v14)
     ],
@@ -34,6 +35,7 @@ let package = Package(
         .target(
             name: "SecretKit",
             dependencies: [],
+            resources: [localization],
             swiftSettings: swiftSettings
         ),
         .testTarget(
@@ -44,16 +46,19 @@ let package = Package(
         .target(
             name: "SecureEnclaveSecretKit",
             dependencies: ["SecretKit"],
+            resources: [localization],
             swiftSettings: swiftSettings
         ),
         .target(
             name: "SmartCardSecretKit",
             dependencies: ["SecretKit"],
+            resources: [localization],
             swiftSettings: swiftSettings
         ),
         .target(
             name: "SecretAgentKit",
             dependencies: ["SecretKit", "SecretAgentKitHeaders"],
+            resources: [localization],
             swiftSettings: swiftSettings
         ),
         .systemLibrary(
@@ -66,6 +71,7 @@ let package = Package(
         .target(
             name: "Brief",
             dependencies: [],
+            resources: [localization],
             swiftSettings: swiftSettings
         ),
         .testTarget(
@@ -75,6 +81,10 @@ let package = Package(
     ]
 )
 
+var localization: Resource {
+    .process("../../Localizable.xcstrings")
+}
+
 var swiftSettings: [PackageDescription.SwiftSetting] {
     [
         .swiftLanguageMode(.v6),

Sources/Packages/Sources/Localization/Stub.swift

@@ -0,0 +1 @@
+

Sources/Packages/Sources/SecretAgentKit/Sendability.swift

@@ -1,11 +0,0 @@
-import Foundation
-
-struct UncheckedSendable<T>: @unchecked Sendable {
-
-    let value: T
-
-    init(_ value: T) {
-        self.value = value
-    }
-
-}

Sources/Packages/Sources/SecretAgentKit/SocketController.swift

@@ -82,12 +82,12 @@ public final class SocketController {
         logger.debug("Socket controller has new data available")
         guard let new = notification.object as? FileHandle else { return }
         logger.debug("Socket controller received new file handle")
-        Task { [handler, logger = UncheckedSendable(logger)] in
+        Task { [handler, logger = logger] in
             if((await handler?(new, new)) == true) {
-                logger.value.debug("Socket controller handled data, wait for more data")
+                logger.debug("Socket controller handled data, wait for more data")
                 await new.waitForDataInBackgroundAndNotifyOnMainActor()
             } else {
-                logger.value.debug("Socket controller called with empty data, socked closed")
+                logger.debug("Socket controller called with empty data, socked closed")
             }
         }
     }

Sources/Packages/Sources/SecretKit/Erasers/AnySecretStore.swift

@@ -10,7 +10,6 @@ public class AnySecretStore: SecretStore, @unchecked Sendable {
     private let _name: @MainActor @Sendable () -> String
     private let _secrets: @MainActor @Sendable () -> [AnySecret]
     private let _sign: @Sendable (Data, AnySecret, SigningRequestProvenance) async throws -> Data
-    private let _verify: @Sendable (Data, Data, AnySecret) async throws -> Bool
     private let _existingPersistedAuthenticationContext: @Sendable (AnySecret) async -> PersistedAuthenticationContext?
     private let _persistAuthentication: @Sendable (AnySecret, TimeInterval) async throws -> Void
     private let _reloadSecrets: @Sendable () async -> Void
@@ -22,7 +21,6 @@ public class AnySecretStore: SecretStore, @unchecked Sendable {
         _id = { secretStore.id }
         _secrets = { secretStore.secrets.map { AnySecret($0) } }
         _sign = { try await secretStore.sign(data: $0, with: $1.base as! SecretStoreType.SecretType, for: $2) }
-        _verify = { try await secretStore.verify(signature: $0, for: $1, with: $2.base as! SecretStoreType.SecretType) }
         _existingPersistedAuthenticationContext = { await secretStore.existingPersistedAuthenticationContext(secret: $0.base as! SecretStoreType.SecretType) }
         _persistAuthentication = { try await secretStore.persistAuthentication(secret: $0.base as! SecretStoreType.SecretType, forDuration: $1) }
         _reloadSecrets = { await secretStore.reloadSecrets() }
@@ -48,10 +46,6 @@ public class AnySecretStore: SecretStore, @unchecked Sendable {
         try await _sign(data, secret, provenance)
     }
 
-    public func verify(signature: Data, for data: Data, with secret: AnySecret) async throws -> Bool {
-        try await _verify(signature, data, secret)
-    }
-
     public func existingPersistedAuthenticationContext(secret: AnySecret) async -> PersistedAuthenticationContext? {
         await _existingPersistedAuthenticationContext(secret)
     }

Sources/Packages/Sources/SecretKit/Types/SecretStore.swift

@@ -23,14 +23,6 @@ public protocol SecretStore: Identifiable, Sendable {
     /// - Returns: The signed data.
     func sign(data: Data, with secret: SecretType, for provenance: SigningRequestProvenance) async throws -> Data
 
-    /// Verifies that a signature is valid over a specified payload.
-    /// - Parameters:
-    ///   - signature: The signature over the data.
-    ///   - data: The data to verify the signature of.
-    ///   - secret: The secret whose signature to verify.
-    /// - Returns: Whether the signature was verified.
-    func verify(signature: Data, for data: Data, with secret: SecretType) async throws -> Bool
-
     /// Checks to see if there is currently a valid persisted authentication for a given secret.
     /// - Parameters:
     ///   - secret: The ``Secret`` to check if there is a persisted authentication for.

Sources/Packages/Sources/SecureEnclaveSecretKit/PersistentAuthenticationHandler.swift

@@ -50,16 +50,16 @@ extension SecureEnclave {
         func persistAuthentication(secret: Secret, forDuration duration: TimeInterval) async throws {
             let newContext = LAContext()
             newContext.touchIDAuthenticationAllowableReuseDuration = duration
-            newContext.localizedCancelTitle = String(localized: "auth_context_request_deny_button")
+            newContext.localizedCancelTitle = String(localized: .authContextRequestDenyButton)
 
             let formatter = DateComponentsFormatter()
             formatter.unitsStyle = .spellOut
             formatter.allowedUnits = [.hour, .minute, .day]
 
             if let durationString = formatter.string(from: duration) {
-                newContext.localizedReason = String(localized: "auth_context_persist_for_duration_\(secret.name)_\(durationString)")
+                newContext.localizedReason = String(localized: .authContextPersistForDuration(secretName: secret.name, duration: durationString))
             } else {
-                newContext.localizedReason = String(localized: "auth_context_persist_for_duration_unknown_\(secret.name)")
+                newContext.localizedReason = String(localized: .authContextPersistForDurationUnknown(secretName: secret.name))
             }
             let success = try await newContext.evaluatePolicy(.deviceOwnerAuthentication, localizedReason: newContext.localizedReason)
             guard success else { return }

Sources/Packages/Sources/SecureEnclaveSecretKit/SecureEnclaveStore.swift

@@ -15,7 +15,7 @@ extension SecureEnclave {
             CryptoKit.SecureEnclave.isAvailable
         }
         public let id = UUID()
-        public let name = String(localized: "secure_enclave")
+        public let name = String(localized: .secureEnclave)
         private let persistentAuthenticationHandler = PersistentAuthenticationHandler()
 
         /// Initializes a Store.
@@ -105,10 +105,10 @@ extension SecureEnclave {
                 context = existing.context
             } else {
                 let newContext = LAContext()
-                newContext.localizedCancelTitle = String(localized: "auth_context_request_deny_button")
+                newContext.localizedCancelTitle = String(localized: .authContextRequestDenyButton)
                 context = newContext
             }
-            context.localizedReason = String(localized: "auth_context_request_signature_description_\(provenance.origin.displayName)_\(secret.name)")
+            context.localizedReason = String(localized: .authContextRequestSignatureDescription(appName: provenance.origin.displayName, secretName: secret.name))
             let attributes = KeychainDictionary([
                 kSecClass: kSecClassKey,
                 kSecAttrKeyClass: kSecAttrKeyClassPrivate,
@@ -136,41 +136,6 @@ extension SecureEnclave {
             return signature as Data
         }
 
-        public func verify(signature: Data, for data: Data, with secret: Secret) throws -> Bool {
-            let context = LAContext()
-            context.localizedReason = String(localized: "auth_context_request_verify_description_\(secret.name)")
-            context.localizedCancelTitle = String(localized: "auth_context_request_deny_button")
-            let attributes = KeychainDictionary([
-                kSecClass: kSecClassKey,
-                kSecAttrKeyClass: kSecAttrKeyClassPrivate,
-                kSecAttrApplicationLabel: secret.id as CFData,
-                kSecAttrKeyType: Constants.keyType,
-                kSecAttrTokenID: kSecAttrTokenIDSecureEnclave,
-                kSecAttrApplicationTag: Constants.keyTag,
-                kSecUseAuthenticationContext: context,
-                kSecReturnRef: true
-                ])
-            var verifyError: SecurityError?
-            var untyped: CFTypeRef?
-            let status = SecItemCopyMatching(attributes, &untyped)
-            if status != errSecSuccess {
-                throw KeychainError(statusCode: status)
-            }
-            guard let untypedSafe = untyped else {
-                throw KeychainError(statusCode: errSecSuccess)
-            }
-            let key = untypedSafe as! SecKey
-            let verified = SecKeyVerifySignature(key, .ecdsaSignatureMessageX962SHA256, data as CFData, signature as CFData, &verifyError)
-            if !verified, let verifyError {
-                if verifyError.takeUnretainedValue() ~= .verifyError {
-                    return false
-                } else {
-                    throw SigningError(error: verifyError)
-                }
-            }
-            return verified
-        }
-
         public func existingPersistedAuthenticationContext(secret: Secret) async -> PersistedAuthenticationContext? {
             await persistentAuthenticationHandler.existingPersistedAuthenticationContext(secret: secret)
         }
@@ -240,7 +205,7 @@ extension SecureEnclave.Store {
                                             nil)!
 
         let wrapped: [SecureEnclave.Secret] = publicTyped.map {
-            let name = $0[kSecAttrLabel] as? String ?? String(localized: "unnamed_secret")
+            let name = $0[kSecAttrLabel] as? String ?? String(localized: .unnamedSecret)
             let id = $0[kSecAttrApplicationLabel] as! Data
             let publicKeyRef = $0[kSecValueRef] as! SecKey
             let publicKeyAttributes = SecKeyCopyAttributes(publicKeyRef) as! [CFString: Any]

Sources/Packages/Sources/SmartCardSecretKit/SmartCardStore.swift

@@ -9,7 +9,7 @@ extension SmartCard {
     
     @MainActor @Observable fileprivate final class State {
         var isAvailable = false
-        var name = String(localized: "smart_card")
+        var name = String(localized: .smartCard)
         var secrets: [Secret] = []
         let watcher = TKTokenWatcher()
         var tokenID: String? = nil
@@ -63,8 +63,8 @@ extension SmartCard {
         public func sign(data: Data, with secret: Secret, for provenance: SigningRequestProvenance) async throws -> Data {
             guard let tokenID = await state.tokenID else { fatalError() }
             let context = LAContext()
-            context.localizedReason = String(localized: "auth_context_request_signature_description_\(provenance.origin.displayName)_\(secret.name)")
+            context.localizedReason = String(localized: .authContextRequestSignatureDescription(appName: provenance.origin.displayName, secretName: secret.name))
-            context.localizedCancelTitle = String(localized: "auth_context_request_deny_button")
+            context.localizedCancelTitle = String(localized: .authContextRequestDenyButton)
             let attributes = KeychainDictionary([
                 kSecClass: kSecClassKey,
                 kSecAttrKeyClass: kSecAttrKeyClassPrivate,
@@ -89,29 +89,6 @@ extension SmartCard {
             return signature as Data
         }
         
-        public func verify(signature: Data, for data: Data, with secret: Secret) throws -> Bool {
-            let attributes = KeychainDictionary([
-                kSecAttrKeyType: secret.algorithm.secAttrKeyType,
-                kSecAttrKeySizeInBits: secret.keySize,
-                kSecAttrKeyClass: kSecAttrKeyClassPublic
-            ])
-            var verifyError: SecurityError?
-            let untyped: CFTypeRef? = SecKeyCreateWithData(secret.publicKey as CFData, attributes, &verifyError)
-            guard let untypedSafe = untyped else {
-                throw KeychainError(statusCode: errSecSuccess)
-            }
-            let key = untypedSafe as! SecKey
-            let verified = SecKeyVerifySignature(key, signatureAlgorithm(for: secret, allowRSA: true), data as CFData, signature as CFData, &verifyError)
-            if !verified, let verifyError {
-                if verifyError.takeUnretainedValue() ~= .verifyError {
-                    return false
-                } else {
-                    throw SigningError(error: verifyError)
-                }
-            }
-            return verified
-        }
-
         public func existingPersistedAuthenticationContext(secret: Secret) -> PersistedAuthenticationContext? {
             nil
         }
@@ -162,7 +139,7 @@ extension SmartCard.Store {
     @MainActor private func loadSecrets() {
         guard let tokenID = state.tokenID  else { return }
 
-        let fallbackName = String(localized: "smart_card")
+        let fallbackName = String(localized: .smartCard)
         if let driverName = state.watcher.tokenInfo(forTokenID: tokenID)?.driverName  {
             state.name = driverName
         } else {
@@ -180,7 +157,7 @@ extension SmartCard.Store {
         SecItemCopyMatching(attributes, &untyped)
         guard let typed = untyped as? [[CFString: Any]] else { return }
         let wrapped = typed.map {
-            let name = $0[kSecAttrLabel] as? String ?? String(localized: "unnamed_secret")
+            let name = $0[kSecAttrLabel] as? String ?? String(localized: .unnamedSecret)
             let tokenID = $0[kSecAttrApplicationLabel] as! Data
             let algorithm = Algorithm(secAttr: $0[kSecAttrKeyType] as! NSNumber)
             let keySize = $0[kSecAttrKeySizeInBits] as! Int
@@ -207,8 +184,8 @@ extension SmartCard.Store {
     /// - Warning: Encryption functions are deliberately only exposed on a library level, and are not exposed in Secretive itself to prevent users from data loss. Any pull requests which expose this functionality in the app will not be merged.
     public func encrypt(data: Data, with secret: SecretType) throws -> Data {
         let context = LAContext()
-        context.localizedReason = String(localized: "auth_context_request_encrypt_description_\(secret.name)")
+        context.localizedReason = String(localized: .authContextRequestEncryptDescription(secretName: secret.name))
-        context.localizedCancelTitle = String(localized: "auth_context_request_deny_button")
+        context.localizedCancelTitle = String(localized: .authContextRequestDenyButton)
         let attributes = KeychainDictionary([
             kSecAttrKeyType: secret.algorithm.secAttrKeyType,
             kSecAttrKeySizeInBits: secret.keySize,
@@ -236,8 +213,8 @@ extension SmartCard.Store {
     public func decrypt(data: Data, with secret: SecretType) async throws -> Data {
         guard let tokenID = await state.tokenID else { fatalError() }
         let context = LAContext()
-        context.localizedReason = String(localized: "auth_context_request_decrypt_description_\(secret.name)")
+        context.localizedReason = String(localized: .authContextRequestDecryptDescription(secretName: secret.name))
-        context.localizedCancelTitle = String(localized: "auth_context_request_deny_button")
+        context.localizedCancelTitle = String(localized: .authContextRequestDenyButton)
         let attributes = KeychainDictionary([
             kSecClass: kSecClassKey,
             kSecAttrKeyClass: kSecAttrKeyClassPrivate,

Sources/Packages/Tests/SecretAgentKitTests/AgentTests.swift

@@ -60,18 +60,10 @@ import CryptoKit
         }
         var rs = r
         rs.append(s)
-        let signature = try! P256.Signing.ECDSASignature(rawRepresentation: rs)
+        let signature = try P256.Signing.ECDSASignature(rawRepresentation: rs)
-        let referenceValid = try! P256.Signing.PublicKey(x963Representation: Constants.Secrets.ecdsa256Secret.publicKey).isValidSignature(signature, for: dataToSign)
+        // Correct signature
-        let store = await list.stores.first!
+        #expect(try P256.Signing.PublicKey(x963Representation: Constants.Secrets.ecdsa256Secret.publicKey)
-        let derVerifies = try await store.verify(signature: signature.derRepresentation, for: dataToSign, with: AnySecret(Constants.Secrets.ecdsa256Secret))
+            .isValidSignature(signature, for: dataToSign))
-        let invalidRandomSignature = try await store.verify(signature: "invalid".data(using: .utf8)!, for: dataToSign, with: AnySecret(Constants.Secrets.ecdsa256Secret))
-        let invalidRandomData = try await store.verify(signature: signature.derRepresentation, for: "invalid".data(using: .utf8)!, with: AnySecret(Constants.Secrets.ecdsa256Secret))
-        let invalidWrongKey = try await store.verify(signature: signature.derRepresentation, for: dataToSign, with: AnySecret(Constants.Secrets.ecdsa384Secret))
-        #expect(referenceValid)
-        #expect(derVerifies)
-        #expect(invalidRandomSignature == false)
-        #expect(invalidRandomData == false)
-        #expect(invalidWrongKey == false)
     }
 
     // MARK: Witness protocol

Sources/Packages/Tests/SecretAgentKitTests/StubStore.swift

@@ -61,29 +61,6 @@ extension Stub {
             return SecKeyCreateSignature(privateKey, signatureAlgorithm(for: secret), data as CFData, nil)! as Data
         }
 
-        public func verify(signature: Data, for data: Data, with secret: Stub.Secret) throws -> Bool {
-            let attributes = KeychainDictionary([
-                kSecAttrKeyType: secret.algorithm.secAttrKeyType,
-                kSecAttrKeySizeInBits: secret.keySize,
-                kSecAttrKeyClass: kSecAttrKeyClassPublic
-            ])
-            var verifyError: Unmanaged<CFError>?
-            let untyped: CFTypeRef? = SecKeyCreateWithData(secret.publicKey as CFData, attributes, &verifyError)
-            guard let untypedSafe = untyped else {
-                throw NSError(domain: "test", code: 0, userInfo: nil)
-            }
-            let key = untypedSafe as! SecKey
-            let verified = SecKeyVerifySignature(key, signatureAlgorithm(for: secret), data as CFData, signature as CFData, &verifyError)
-            if let verifyError {
-                if verifyError.takeUnretainedValue() ~= .verifyError {
-                    return false
-                } else {
-                    throw NSError(domain: "test", code: 0, userInfo: nil)
-                }
-            }
-            return verified
-        }
-
         public func existingPersistedAuthenticationContext(secret: Stub.Secret) -> PersistedAuthenticationContext? {
             nil
         }

Sources/SecretAgent/Notifier.swift

@@ -10,8 +10,8 @@ final class Notifier: Sendable {
     private let notificationDelegate = NotificationDelegate()
 
     init() {
-        let updateAction = UNNotificationAction(identifier: Constants.updateActionIdentitifier, title: String(localized: "update_notification_update_button"), options: [])
+        let updateAction = UNNotificationAction(identifier: Constants.updateActionIdentitifier, title: String(localized: .updateNotificationUpdateButton), options: [])
-        let ignoreAction = UNNotificationAction(identifier: Constants.ignoreActionIdentitifier, title: String(localized: "update_notification_ignore_button"), options: [])
+        let ignoreAction = UNNotificationAction(identifier: Constants.ignoreActionIdentitifier, title: String(localized: .updateNotificationIgnoreButton), options: [])
         let updateCategory = UNNotificationCategory(identifier: Constants.updateCategoryIdentitifier, actions: [updateAction, ignoreAction], intentIdentifiers: [], options: [])
         let criticalUpdateCategory = UNNotificationCategory(identifier: Constants.criticalUpdateCategoryIdentitifier, actions: [updateAction], intentIdentifiers: [], options: [])
 
@@ -22,7 +22,7 @@ final class Notifier: Sendable {
             Measurement(value: 24, unit: UnitDuration.hours)
         ]
 
-        let doNotPersistAction = UNNotificationAction(identifier: Constants.doNotPersistActionIdentitifier, title: String(localized: "persist_authentication_decline_button"), options: [])
+        let doNotPersistAction = UNNotificationAction(identifier: Constants.doNotPersistActionIdentitifier, title: String(localized: .persistAuthenticationDeclineButton), options: [])
         var allPersistenceActions = [doNotPersistAction]
 
         let formatter = DateComponentsFormatter()
@@ -41,7 +41,7 @@ final class Notifier: Sendable {
 
         let persistAuthenticationCategory = UNNotificationCategory(identifier: Constants.persistAuthenticationCategoryIdentitifier, actions: allPersistenceActions, intentIdentifiers: [], options: [])
         if persistAuthenticationCategory.responds(to: Selector(("actionsMenuTitle"))) {
-            persistAuthenticationCategory.setValue(String(localized: "persist_authentication_accept_button"), forKey: "_actionsMenuTitle")
+            persistAuthenticationCategory.setValue(String(localized: .persistAuthenticationAcceptButton), forKey: "_actionsMenuTitle")
         }
         UNUserNotificationCenter.current().setNotificationCategories([updateCategory, criticalUpdateCategory, persistAuthenticationCategory])
         UNUserNotificationCenter.current().delegate = notificationDelegate
@@ -64,8 +64,8 @@ final class Notifier: Sendable {
         await notificationDelegate.state.setPending(secret: secret, store: store)
         let notificationCenter = UNUserNotificationCenter.current()
         let notificationContent = UNMutableNotificationContent()
-        notificationContent.title = String(localized: "signed_notification_title_\(provenance.origin.displayName)")
+        notificationContent.title = String(localized: .signedNotificationTitle(appName: provenance.origin.displayName))
-        notificationContent.subtitle = String(localized: "signed_notification_description_\(secret.name)")
+        notificationContent.subtitle = String(localized: .signedNotificationDescription(secretName: secret.name))
         notificationContent.userInfo[Constants.persistSecretIDKey] = secret.id.description
         notificationContent.userInfo[Constants.persistStoreIDKey] = store.id.description
         notificationContent.interruptionLevel = .timeSensitive
@@ -85,11 +85,11 @@ final class Notifier: Sendable {
         let notificationContent = UNMutableNotificationContent()
         if update.critical {
             notificationContent.interruptionLevel = .critical
-            notificationContent.title = String(localized: "update_notification_update_critical_title_\(update.name)")
+            notificationContent.title = String(localized: .updateNotificationUpdateCriticalTitle(updateName: update.name))
         } else {
-            notificationContent.title = String(localized: "update_notification_update_normal_title_\(update.name)")
+            notificationContent.title = String(localized: .updateNotificationUpdateNormalTitle(updateName: update.name))
         }
-        notificationContent.subtitle = String(localized: "update_notification_update_description")
+        notificationContent.subtitle = String(localized: .updateNotificationUpdateDescription)
         notificationContent.body = update.body
         notificationContent.categoryIdentifier = update.critical ? Constants.criticalUpdateCategoryIdentitifier : Constants.updateCategoryIdentitifier
         let request = UNNotificationRequest(identifier: UUID().uuidString, content: notificationContent, trigger: nil)

Sources/Secretive.xcodeproj/project.pbxproj

@@ -18,8 +18,9 @@
 		5003EF612780081600DF2006 /* SmartCardSecretKit in Frameworks */ = {isa = PBXBuildFile; productRef = 5003EF602780081600DF2006 /* SmartCardSecretKit */; };
 		5003EF632780081B00DF2006 /* SecureEnclaveSecretKit in Frameworks */ = {isa = PBXBuildFile; productRef = 5003EF622780081B00DF2006 /* SecureEnclaveSecretKit */; };
 		5003EF652780081B00DF2006 /* SmartCardSecretKit in Frameworks */ = {isa = PBXBuildFile; productRef = 5003EF642780081B00DF2006 /* SmartCardSecretKit */; };
+		5008C23E2E525D8900507AC2 /* Localizable.xcstrings in Resources */ = {isa = PBXBuildFile; fileRef = 5008C23D2E525D8200507AC2 /* Localizable.xcstrings */; };
 		5008C2402E52792400507AC2 /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 50617D8623FCE48E0099B055 /* Assets.xcassets */; };
-		500B93C32B478D8400E157DE /* Localizable.xcstrings in Resources */ = {isa = PBXBuildFile; fileRef = 500B93C22B478D8400E157DE /* Localizable.xcstrings */; };
+		5008C2412E52D18700507AC2 /* Localizable.xcstrings in Resources */ = {isa = PBXBuildFile; fileRef = 5008C23D2E525D8200507AC2 /* Localizable.xcstrings */; };
 		501421622781262300BBAA70 /* Brief in Frameworks */ = {isa = PBXBuildFile; productRef = 501421612781262300BBAA70 /* Brief */; };
 		501421652781268000BBAA70 /* SecretAgent.app in CopyFiles */ = {isa = PBXBuildFile; fileRef = 50A3B78A24026B7500D209EA /* SecretAgent.app */; settings = {ATTRIBUTES = (RemoveHeadersOnCopy, ); }; };
 		50153E20250AFCB200525160 /* UpdateView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50153E1F250AFCB200525160 /* UpdateView.swift */; };
@@ -51,7 +52,6 @@
 		50B8550D24138C4F009958AC /* DeleteSecretView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50B8550C24138C4F009958AC /* DeleteSecretView.swift */; };
 		50BB046B2418AAAE00D6E079 /* EmptyStoreView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50BB046A2418AAAE00D6E079 /* EmptyStoreView.swift */; };
 		50C385A52407A76D00AF2719 /* SecretDetailView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50C385A42407A76D00AF2719 /* SecretDetailView.swift */; };
-		50E9CF422B51D596004AB36D /* Localizable.xcstrings in Resources */ = {isa = PBXBuildFile; fileRef = 500B93C22B478D8400E157DE /* Localizable.xcstrings */; };
 /* End PBXBuildFile section */
 
 /* Begin PBXContainerItemProxy section */
@@ -102,7 +102,7 @@
 		50020BAF24064869003D4025 /* AppDelegate.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = AppDelegate.swift; sourceTree = "<group>"; };
 		50033AC227813F1700253856 /* BundleIDs.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = BundleIDs.swift; sourceTree = "<group>"; };
 		5003EF39278005C800DF2006 /* Packages */ = {isa = PBXFileReference; lastKnownFileType = wrapper; path = Packages; sourceTree = "<group>"; };
-		500B93C22B478D8400E157DE /* Localizable.xcstrings */ = {isa = PBXFileReference; lastKnownFileType = text.json.xcstrings; path = Localizable.xcstrings; sourceTree = "<group>"; };
+		5008C23D2E525D8200507AC2 /* Localizable.xcstrings */ = {isa = PBXFileReference; lastKnownFileType = text.json.xcstrings; name = Localizable.xcstrings; path = Packages/Localizable.xcstrings; sourceTree = SOURCE_ROOT; };
 		50153E1F250AFCB200525160 /* UpdateView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = UpdateView.swift; sourceTree = "<group>"; };
 		50153E21250DECA300525160 /* SecretListItemView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SecretListItemView.swift; sourceTree = "<group>"; };
 		5018F54E24064786002EB505 /* Notifier.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = Notifier.swift; sourceTree = "<group>"; };
@@ -210,7 +210,7 @@
 				508BF28D25B4F005009EFB7E /* InternetAccessPolicy.plist */,
 				50617D8F23FCE48E0099B055 /* Secretive.entitlements */,
 				506772C62424784600034DED /* Credits.rtf */,
-				500B93C22B478D8400E157DE /* Localizable.xcstrings */,
+				5008C23D2E525D8200507AC2 /* Localizable.xcstrings */,
 				50617D8823FCE48E0099B055 /* Preview Content */,
 			);
 			path = Secretive;
@@ -404,7 +404,7 @@
 			buildActionMask = 2147483647;
 			files = (
 				50617D8A23FCE48E0099B055 /* Preview Assets.xcassets in Resources */,
-				500B93C32B478D8400E157DE /* Localizable.xcstrings in Resources */,
+				5008C23E2E525D8900507AC2 /* Localizable.xcstrings in Resources */,
 				50617D8723FCE48E0099B055 /* Assets.xcassets in Resources */,
 				506772C72424784600034DED /* Credits.rtf in Resources */,
 				508BF28E25B4F005009EFB7E /* InternetAccessPolicy.plist in Resources */,
@@ -416,7 +416,7 @@
 			buildActionMask = 2147483647;
 			files = (
 				50A3B79724026B7600D209EA /* Main.storyboard in Resources */,
-				50E9CF422B51D596004AB36D /* Localizable.xcstrings in Resources */,
+				5008C2412E52D18700507AC2 /* Localizable.xcstrings in Resources */,
 				50A3B79424026B7600D209EA /* Preview Assets.xcassets in Resources */,
 				508BF2AA25B4F1CB009EFB7E /* InternetAccessPolicy.plist in Resources */,
 				5008C2402E52792400507AC2 /* Assets.xcassets in Resources */,
@@ -526,6 +526,8 @@
 				COPY_PHASE_STRIP = NO;
 				DEAD_CODE_STRIPPING = YES;
 				DEBUG_INFORMATION_FORMAT = dwarf;
+				ENABLE_ENHANCED_SECURITY = YES;
+				ENABLE_POINTER_AUTHENTICATION = YES;
 				ENABLE_STRICT_OBJC_MSGSEND = YES;
 				ENABLE_TESTABILITY = YES;
 				ENABLE_USER_SCRIPT_SANDBOXING = YES;
@@ -598,7 +600,9 @@
 				COPY_PHASE_STRIP = NO;
 				DEAD_CODE_STRIPPING = YES;
 				DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
+				ENABLE_ENHANCED_SECURITY = YES;
 				ENABLE_NS_ASSERTIONS = NO;
+				ENABLE_POINTER_AUTHENTICATION = YES;
 				ENABLE_STRICT_OBJC_MSGSEND = YES;
 				ENABLE_USER_SCRIPT_SANDBOXING = YES;
 				GCC_C_LANGUAGE_STANDARD = gnu11;
@@ -637,8 +641,10 @@
 				DEVELOPMENT_ASSET_PATHS = "\"Secretive/Preview Content\"";
 				DEVELOPMENT_TEAM = Z72PRUAWF6;
 				ENABLE_APP_SANDBOX = YES;
+				ENABLE_ENHANCED_SECURITY = YES;
 				ENABLE_HARDENED_RUNTIME = YES;
 				ENABLE_OUTGOING_NETWORK_CONNECTIONS = YES;
+				ENABLE_POINTER_AUTHENTICATION = YES;
 				ENABLE_PREVIEWS = YES;
 				ENABLE_USER_SELECTED_FILES = readwrite;
 				INFOPLIST_FILE = Secretive/Info.plist;
@@ -667,8 +673,10 @@
 				DEVELOPMENT_ASSET_PATHS = "\"Secretive/Preview Content\"";
 				DEVELOPMENT_TEAM = Z72PRUAWF6;
 				ENABLE_APP_SANDBOX = YES;
+				ENABLE_ENHANCED_SECURITY = YES;
 				ENABLE_HARDENED_RUNTIME = YES;
 				ENABLE_OUTGOING_NETWORK_CONNECTIONS = YES;
+				ENABLE_POINTER_AUTHENTICATION = YES;
 				ENABLE_PREVIEWS = YES;
 				ENABLE_USER_SELECTED_FILES = readwrite;
 				INFOPLIST_FILE = Secretive/Info.plist;
@@ -723,6 +731,8 @@
 				COPY_PHASE_STRIP = NO;
 				DEAD_CODE_STRIPPING = YES;
 				DEBUG_INFORMATION_FORMAT = dwarf;
+				ENABLE_ENHANCED_SECURITY = YES;
+				ENABLE_POINTER_AUTHENTICATION = YES;
 				ENABLE_STRICT_OBJC_MSGSEND = YES;
 				ENABLE_TESTABILITY = YES;
 				ENABLE_USER_SCRIPT_SANDBOXING = YES;
@@ -760,14 +770,17 @@
 			isa = XCBuildConfiguration;
 			buildSettings = {
 				ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
+				CODE_SIGN_ENTITLEMENTS = Secretive/Secretive.entitlements;
 				CODE_SIGN_STYLE = Manual;
 				COMBINE_HIDPI_IMAGES = YES;
 				CURRENT_PROJECT_VERSION = 1;
 				DEAD_CODE_STRIPPING = YES;
 				DEVELOPMENT_ASSET_PATHS = "\"Secretive/Preview Content\"";
 				ENABLE_APP_SANDBOX = YES;
+				ENABLE_ENHANCED_SECURITY = YES;
 				ENABLE_HARDENED_RUNTIME = NO;
 				ENABLE_OUTGOING_NETWORK_CONNECTIONS = YES;
+				ENABLE_POINTER_AUTHENTICATION = YES;
 				ENABLE_PREVIEWS = YES;
 				ENABLE_USER_SELECTED_FILES = readwrite;
 				INFOPLIST_FILE = Secretive/Info.plist;

Sources/Secretive.xcodeproj/project.xcworkspace/xcshareddata/WorkspaceSettings.xcsettings

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>iOSPackagesShouldBuildARM64e</key>
+	<true/>
+</dict>
+</plist>

Sources/Secretive/App.swift

@@ -59,18 +59,18 @@ struct Secretive: App {
         }
         .commands {
             CommandGroup(after: CommandGroupPlacement.newItem) {
-                Button("app_menu_new_secret_button") {
+                Button(.appMenuNewSecretButton) {
                     showingCreation = true
                 }
                 .keyboardShortcut(KeyboardShortcut(KeyEquivalent("N"), modifiers: [.command, .shift]))
             }
             CommandGroup(replacing: .help) {
-                Button("app_menu_help_button") {
+                Button(.appMenuHelpButton) {
                     NSWorkspace.shared.open(Constants.helpURL)
                 }
             }
             CommandGroup(after: .help) {
-                Button("app_menu_setup_button") {
+                Button(.appMenuSetupButton) {
                     showingSetup = true
                 }
             }

Sources/Secretive/Preview Content/PreviewStore.swift

@@ -40,10 +40,6 @@ extension Preview {
             return data
         }
 
-        func verify(signature data: Data, for signature: Data, with secret: Preview.Secret) throws -> Bool {
-            true
-        }
-
         func existingPersistedAuthenticationContext(secret: Preview.Secret) -> PersistedAuthenticationContext? {
             nil
         }
@@ -76,10 +72,6 @@ extension Preview {
             return data
         }
 
-        func verify(signature data: Data, for signature: Data, with secret: Preview.Secret) throws -> Bool {
-            true
-        }
-
         func existingPersistedAuthenticationContext(secret: Preview.Secret) -> PersistedAuthenticationContext? {
             nil
         }

Sources/Secretive/Secretive.entitlements

@@ -2,6 +2,16 @@
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
+	<key>com.apple.security.hardened-process</key>
+	<true/>
+	<key>com.apple.security.hardened-process.dyld-ro</key>
+	<true/>
+	<key>com.apple.security.hardened-process.enhanced-security-version</key>
+	<integer>1</integer>
+	<key>com.apple.security.hardened-process.hardened-heap</key>
+	<true/>
+	<key>com.apple.security.hardened-process.platform-restrictions</key>
+	<integer>2</integer>
 	<key>com.apple.security.smartcard</key>
 	<true/>
 	<key>keychain-access-groups</key>

Sources/Secretive/Views/ContentView.swift

@@ -70,15 +70,15 @@ extension ContentView {
         }
     }
 
-    var updateNoticeContent: (LocalizedStringKey, Color)? {
+    var updateNoticeContent: (LocalizedStringResource, Color)? {
         guard let update = updater.update else { return nil }
         if update.critical {
-            return ("update_critical_notice_title", .red)
+            return (.updateCriticalNoticeTitle, .red)
         } else {
             if updater.testBuild {
-                return ("update_test_notice_title", .blue)
+                return (.updateTestNoticeTitle, .blue)
             } else {
-                return ("update_normal_notice_title", .orange)
+                return (.updateNormalNoticeTitle, .orange)
             }
         }
     }
@@ -127,13 +127,13 @@ extension ContentView {
         }, label: {
             Group {
                 if hasRunSetup && !agentStatusChecker.running {
-                    Text("agent_not_running_notice_title")
+                    Text(.agentNotRunningNoticeTitle)
                 } else {
-                    Text("agent_setup_notice_title")
+                    Text(.agentSetupNoticeTitle)
                 }
             }
             .font(.headline)
-            .foregroundColor(.white)
+
         })
         .buttonStyle(ToolbarButtonStyle(color: .orange))
     }
@@ -144,7 +144,7 @@ extension ContentView {
             showingAgentInfo = true
         }, label: {
             HStack {
-                Text("agent_running_notice_title")
+                Text(.agentRunningNoticeTitle)
                     .font(.headline)
                     .foregroundColor(colorScheme == .light ? Color(white: 0.3) : .white)
                 Circle()
@@ -155,10 +155,10 @@ extension ContentView {
         .buttonStyle(ToolbarButtonStyle(lightColor: .black.opacity(0.05), darkColor: .white.opacity(0.05)))
         .popover(isPresented: $showingAgentInfo, attachmentAnchor: attachmentAnchor, arrowEdge: .bottom) {
             VStack {
-                Text("agent_running_notice_detail_title")
+                Text(.agentRunningNoticeDetailTitle)
                     .font(.title)
                     .padding(5)
-                Text("agent_running_notice_detail_description")
+                Text(.agentRunningNoticeDetailDescription)
                     .frame(width: 300)
             }
             .padding()
@@ -172,7 +172,7 @@ extension ContentView {
                 showingAppPathNotice = true
             }, label: {
                 Group {
-                    Text("app_not_in_applications_notice_title")
+                    Text(.appNotInApplicationsNoticeTitle)
                 }
                 .font(.headline)
                 .foregroundColor(.white)
@@ -184,7 +184,7 @@ extension ContentView {
                         .resizable()
                         .aspectRatio(contentMode: .fit)
                         .frame(width: 64)
-                    Text("app_not_in_applications_notice_detail_description")
+                    Text(.appNotInApplicationsNoticeDetailDescription)
                         .frame(maxWidth: 300)
                 }
                 .padding()

Sources/Secretive/Views/CopyableView.swift

@@ -3,7 +3,7 @@ import UniformTypeIdentifiers
 
 struct CopyableView: View {
 
-    var title: LocalizedStringKey
+    var title: LocalizedStringResource
     var image: Image
     var text: String
 
@@ -125,7 +125,8 @@ extension View {
 fileprivate struct BackgroundViewModifier: ViewModifier {
     
     @Environment(\.colorScheme) private var colorScheme
-    
+    @Environment(\.appearsActive) private var appearsActive
+
     let interactionState: InteractionState
 
     func body(content: Content) -> some View {
@@ -148,6 +149,7 @@ fileprivate struct BackgroundViewModifier: ViewModifier {
     }
     
     func backgroundColor(interactionState: InteractionState) -> Color {
+        guard appearsActive else { return Color.clear }
         switch interactionState {
         case .normal:
             return colorScheme == .dark ? Color(white: 0.2) : Color(white: 0.885)

Sources/Secretive/Views/CreateSecretView.swift

@@ -14,30 +14,30 @@ struct CreateSecretView<StoreType: SecretStoreModifiable>: View {
             HStack {
                 VStack {
                     HStack {
-                        Text("create_secret_title")
+                        Text(.createSecretTitle)
                             .font(.largeTitle)
                         Spacer()
                     }
                     HStack {
-                        Text("create_secret_name_label")
+                        Text(.createSecretNameLabel)
-                        TextField("create_secret_name_placeholder", text: $name)
+                        TextField(String(localized: .createSecretNamePlaceholder), text: $name)
                             .focusable()
                     }
                     ThumbnailPickerView(items: [
-                        ThumbnailPickerView.Item(value: true, name: "create_secret_require_authentication_title", description: "create_secret_require_authentication_description", thumbnail: AuthenticationView()),
+                        ThumbnailPickerView.Item(value: true, name: .createSecretRequireAuthenticationTitle, description: .createSecretRequireAuthenticationDescription, thumbnail: AuthenticationView()),
-                        ThumbnailPickerView.Item(value: false, name: "create_secret_notify_title",
+                        ThumbnailPickerView.Item(value: false, name: .createSecretNotifyTitle,
-                                                 description: "create_secret_notify_description",
+                                                 description: .createSecretNotifyDescription,
                                                  thumbnail: NotificationView())
                     ], selection: $requiresAuthentication)
                 }
             }
             HStack {
                 Spacer()
-                Button("create_secret_cancel_button") {
+                Button(.createSecretCancelButton) {
                     showing = false
                 }
                 .keyboardShortcut(.cancelAction)
-                Button("create_secret_create_button", action: save)
+                Button(.createSecretCreateButton, action: save)
                     .disabled(name.isEmpty)
                     .keyboardShortcut(.defaultAction)
             }
@@ -98,11 +98,11 @@ extension ThumbnailPickerView {
     struct Item<InnerValueType: Hashable>: Identifiable {
         let id = UUID()
         let value: InnerValueType
-        let name: LocalizedStringKey
+        let name: LocalizedStringResource
-        let description: LocalizedStringKey
+        let description: LocalizedStringResource
         let thumbnail: AnyView
 
-        init<ViewType: View>(value: InnerValueType, name: LocalizedStringKey, description: LocalizedStringKey, thumbnail: ViewType) {
+        init<ViewType: View>(value: InnerValueType, name: LocalizedStringResource, description: LocalizedStringResource, thumbnail: ViewType) {
             self.value = value
             self.name = name
             self.description = description

Sources/Secretive/Views/DeleteSecretView.swift

@@ -18,24 +18,24 @@ struct DeleteSecretView<StoreType: SecretStoreModifiable>: View {
                     .padding()
                 VStack {
                     HStack {
-                        Text("delete_confirmation_title_\(secret.name)").bold()
+                        Text(.deleteConfirmationTitle(secretName: secret.name)).bold()
                         Spacer()
                     }
                     HStack {
-                        Text("delete_confirmation_description_\(secret.name)_\(secret.name)")
+                        Text(.deleteConfirmationDescription(secretName: secret.name, confirmSecretName: secret.name))
                         Spacer()
                     }
                     HStack {
-                        Text("delete_confirmation_confirm_name_label")
+                        Text(.deleteConfirmationConfirmNameLabel)
                         TextField(secret.name, text: $confirm)
                     }
                 }
             }
             HStack {
                 Spacer()
-                Button("delete_confirmation_delete_button", action: delete)
+                Button(.deleteConfirmationDeleteButton, action: delete)
                     .disabled(confirm != secret.name)
-                Button("delete_confirmation_cancel_button") {
+                Button(.deleteConfirmationCancelButton) {
                     dismissalBlock(false)
                 }
                 .keyboardShortcut(.cancelAction)

Sources/Secretive/Views/EmptyStoreView.swift

@@ -18,9 +18,9 @@ struct EmptyStoreImmutableView: View {
     
     var body: some View {
         VStack {
-            Text("empty_store_nonmodifiable_title").bold()
+            Text(.emptyStoreNonmodifiableTitle).bold()
-            Text("empty_store_nonmodifiable_description")
+            Text(.emptyStoreNonmodifiableDescription)
-            Text("empty_store_nonmodifiable_supported_key_types")
+            Text(.emptyStoreNonmodifiableSupportedKeyTypes)
         }.frame(maxWidth: .infinity, maxHeight: .infinity)
     }
     
@@ -49,8 +49,8 @@ struct EmptyStoreModifiableView: View {
                         path.addLine(to: CGPoint(x: g.size.width - 3, y: 0))
                     }.fill()
                 }.frame(height: (windowGeometry.size.height/2) - 20).padding()
-                Text("empty_store_modifiable_click_here_title").bold()
+                Text(.emptyStoreModifiableClickHereTitle).bold()
-                Text("empty_store_modifiable_click_here_description")
+                Text(.emptyStoreModifiableClickHereDescription)
                 Spacer()
             }.frame(maxWidth: .infinity, maxHeight: .infinity)
         }

Sources/Secretive/Views/NoStoresView.swift

@@ -4,10 +4,10 @@ struct NoStoresView: View {
 
     var body: some View {
         VStack {
-            Text("no_secure_storage_title")
+            Text(.noSecureStorageTitle)
                 .bold()
-            Text("no_secure_storage_description")
+            Text(.noSecureStorageDescription)
-            Link("no_secure_storage_yubico_link", destination: URL(string: "https://www.yubico.com/products/compare-yubikey-5-series/")!)
+            Link(.noSecureStorageYubicoLink, destination: URL(string: "https://www.yubico.com/products/compare-yubikey-5-series/")!)
         }.padding()
     }
     

Sources/Secretive/Views/RenameSecretView.swift

@@ -18,7 +18,7 @@ struct RenameSecretView<StoreType: SecretStoreModifiable>: View {
                     .padding()
                 VStack {
                     HStack {
-                        Text("rename_title_\(secret.name)")
+                        Text(.renameTitle(secretName: secret.name))
                         Spacer()
                     }
                     HStack {
@@ -28,10 +28,10 @@ struct RenameSecretView<StoreType: SecretStoreModifiable>: View {
             }
             HStack {
                 Spacer()
-                Button("rename_rename_button", action: rename)
+                Button(.renameRenameButton, action: rename)
                     .disabled(newName.count == 0)
                     .keyboardShortcut(.return)
-                Button("rename_cancel_button") {
+                Button(.renameCancelButton) {
                     dismissalBlock(false)
                 }.keyboardShortcut(.cancelAction)
             }

Sources/Secretive/Views/SecretDetailView.swift

@@ -12,16 +12,16 @@ struct SecretDetailView<SecretType: Secret>: View {
         ScrollView {
             Form {
                 Section {
-                    CopyableView(title: "secret_detail_sha256_fingerprint_label", image: Image(systemName: "touchid"), text: keyWriter.openSSHSHA256Fingerprint(secret: secret))
+                    CopyableView(title: .secretDetailSha256FingerprintLabel, image: Image(systemName: "touchid"), text: keyWriter.openSSHSHA256Fingerprint(secret: secret))
                     Spacer()
                         .frame(height: 20)
-                    CopyableView(title: "secret_detail_md5_fingerprint_label", image: Image(systemName: "touchid"), text: keyWriter.openSSHMD5Fingerprint(secret: secret))
+                    CopyableView(title: .secretDetailMd5FingerprintLabel, image: Image(systemName: "touchid"), text: keyWriter.openSSHMD5Fingerprint(secret: secret))
                     Spacer()
                         .frame(height: 20)
-                    CopyableView(title: "secret_detail_public_key_label", image: Image(systemName: "key"), text: keyString)
+                    CopyableView(title: .secretDetailPublicKeyLabel, image: Image(systemName: "key"), text: keyString)
                     Spacer()
                         .frame(height: 20)
-                    CopyableView(title: "secret_detail_public_key_path_label", image: Image(systemName: "lock.doc"), text: publicKeyFileStoreController.publicKeyPath(for: secret))
+                    CopyableView(title: .secretDetailPublicKeyPathLabel, image: Image(systemName: "lock.doc"), text: publicKeyFileStoreController.publicKeyPath(for: secret))
                     Spacer()
                 }
             }

Sources/Secretive/Views/SecretListItemView.swift

@@ -39,10 +39,10 @@ struct SecretListItemView: View {
         .contextMenu {
             if store is AnySecretStoreModifiable {
                 Button(action: { isRenaming = true }) {
-                    Text("secret_list_rename_button")
+                    Text(.secretListRenameButton)
                 }
                 Button(action: { isDeleting = true }) {
-                    Text("secret_list_delete_button")
+                    Text(.secretListDeleteButton)
                 }
             }
         }

Sources/Secretive/Views/SetupView.swift

@@ -61,7 +61,7 @@ struct StepView: View {
                             Circle()
                                 .foregroundColor(.green)
                                 .frame(width: Constants.circleWidth, height: Constants.circleWidth)
-                            Text("setup_step_complete_symbol")
+                            Text(.setupStepCompleteSymbol)
                                 .foregroundColor(.white)
                                 .bold()
                         } else {
@@ -101,14 +101,14 @@ extension StepView {
 
 struct SetupStepView<Content> : View where Content : View {
 
-    let title: LocalizedStringKey
+    let title: LocalizedStringResource
     let image: Image
-    let bodyText: LocalizedStringKey
+    let bodyText: LocalizedStringResource
-    let buttonTitle: LocalizedStringKey
+    let buttonTitle: LocalizedStringResource
     let buttonAction: () -> Void
     let content: Content
 
-    init(title: LocalizedStringKey, image: Image, bodyText: LocalizedStringKey, buttonTitle: LocalizedStringKey, buttonAction: @escaping () -> Void = {}, @ViewBuilder content: () -> Content) {
+    init(title: LocalizedStringResource, image: Image, bodyText: LocalizedStringResource, buttonTitle: LocalizedStringResource, buttonAction: @escaping () -> Void = {}, @ViewBuilder content: () -> Content) {
         self.title = title
         self.image = image
         self.bodyText = bodyText
@@ -145,12 +145,12 @@ struct SecretAgentSetupView: View {
     let buttonAction: () -> Void
 
     var body: some View {
-        SetupStepView(title: "setup_agent_title",
+        SetupStepView(title: .setupAgentTitle,
                       image: Image(nsImage: NSApplication.shared.applicationIconImage),
-                      bodyText: "setup_agent_description",
+                      bodyText: .setupAgentDescription,
-                      buttonTitle: "setup_agent_install_button",
+                      buttonTitle: .setupAgentInstallButton,
                       buttonAction: install) {
-            Text("setup_agent_activity_monitor_description")
+            Text(.setupAgentActivityMonitorDescription)
                 .multilineTextAlignment(.center)
         }
     }
@@ -172,12 +172,12 @@ struct SSHAgentSetupView: View {
     @State private var selectedShellInstruction: ShellConfigInstruction = controller.shellInstructions.first!
 
     var body: some View {
-        SetupStepView(title: "setup_ssh_title",
+        SetupStepView(title: .setupSshTitle,
                       image: Image(systemName: "terminal"),
-                      bodyText: "setup_ssh_description",
+                      bodyText: .setupSshDescription,
-                      buttonTitle: "setup_ssh_added_manually_button",
+                      buttonTitle: .setupSshAddedManuallyButton,
                       buttonAction: buttonAction) {
-        Link("setup_third_party_faq_link", destination: URL(string: "https://github.com/maxgoedjen/secretive/blob/main/APP_CONFIG.md")!)
+        Link(.setupThirdPartyFaqLink, destination: URL(string: "https://github.com/maxgoedjen/secretive/blob/main/APP_CONFIG.md")!)
             Picker(selection: $selectedShellInstruction, label: EmptyView()) {
                 ForEach(SSHAgentSetupView.controller.shellInstructions) { instruction in
                     Text(instruction.shell)
@@ -185,8 +185,8 @@ struct SSHAgentSetupView: View {
                         .padding()
                 }
             }.pickerStyle(SegmentedPickerStyle())
-            CopyableView(title: "setup_ssh_add_to_config_button_\(selectedShellInstruction.shellConfigPath)", image: Image(systemName: "greaterthan.square"), text: selectedShellInstruction.text)
+            CopyableView(title: .setupSshAddToConfigButton(configPath: selectedShellInstruction.shellConfigPath), image: Image(systemName: "greaterthan.square"), text: selectedShellInstruction.text)
-            Button("setup_ssh_add_for_me_button") {
+            Button(.setupSshAddForMeButton) {
                 let controller = ShellConfigurationController()
                 if controller.addToShell(shellInstructions: selectedShellInstruction) {
                     buttonAction()
@@ -216,12 +216,12 @@ struct UpdaterExplainerView: View {
     let buttonAction: () -> Void
 
     var body: some View {
-        SetupStepView(title: "setup_updates_title",
+        SetupStepView(title: .setupUpdatesTitle,
                       image: Image(systemName: "dot.radiowaves.left.and.right"),
-                      bodyText: "setup_updates_description",
+                      bodyText: .setupUpdatesDescription,
-                      buttonTitle: "setup_updates_ok",
+                      buttonTitle: .setupUpdatesOk,
                       buttonAction: buttonAction) {
-            Link("setup_updates_readmore", destination: SetupView.Constants.updaterFAQURL)
+            Link(.setupUpdatesReadmore, destination: SetupView.Constants.updaterFAQURL)
         }
     }
 

Sources/Secretive/Views/UpdateView.swift

@@ -9,22 +9,22 @@ struct UpdateDetailView: View {
 
     var body: some View {
         VStack {
-            Text("update_version_name_\(update.name)").font(.title)
+            Text(.updateVersionName(updateName: update.name)).font(.title)
-            GroupBox(label: Text("update_release_notes_title")) {
+            GroupBox(label: Text(.updateReleaseNotesTitle)) {
                 ScrollView {
                     attributedBody
                 }
             }
             HStack {
                 if !update.critical {
-                    Button("update_ignore_button") {
+                    Button(.updateIgnoreButton) {
                         Task {
                             await updater.ignore(release: update)
                         }
                     }
                     Spacer()
                 }
-                Button("update_update_button") {
+                Button(.updateUpdateButton) {
                     NSWorkspace.shared.open(update.html_url)
                 }
                 .keyboardShortcut(.defaultAction)