DEV Community

Apoorv Darshan
Storing user API keys safely in the iOS Keychain

A BYOK (bring-your-own-key) app lives or dies on key handling. In Scowld, keys never leave the device except as an Authorization header to the provider you chose.

Rules I followed:

  1. Keychain only — never UserDefaults, never bundled files.
  2. Keys are not in the App Store binary.
  3. Nothing is logged or sent to analytics.
  4. The code is open source so the claim is auditable.
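Rules 1 and 3 in practice, as an added example that is not Scowld's own code: a generic-password Keychain item restricted to this device, read back only to build the Authorization header. The service identifier, the per-provider account naming, the `Bearer` scheme, and the choice of `kSecAttrAccessibleWhenUnlockedThisDeviceOnly` are assumptions made for illustration.

```swift
import Foundation
import Security

// Added illustration, not Scowld's code. The service identifier is hypothetical.
enum APIKeyStore {
    static let service = "com.example.byok.apikeys"
    struct KeychainError: Error { let status: OSStatus }

    // Attributes that identify one provider's key (one Keychain item per provider).
    private static func baseQuery(_ provider: String) -> [String: Any] {
        [kSecClass as String: kSecClassGenericPassword,
         kSecAttrService as String: service,
         kSecAttrAccount as String: provider]
    }

    static func save(_ key: String, provider: String) throws {
        let update: [String: Any] = [kSecValueData as String: Data(key.utf8)]
        // Update in place if the item already exists, otherwise add it.
        var status = SecItemUpdate(baseQuery(provider) as CFDictionary, update as CFDictionary)
        if status == errSecItemNotFound {
            var item = baseQuery(provider)
            item[kSecValueData as String] = Data(key.utf8)
            // Readable only while unlocked; ThisDeviceOnly items do not migrate to another device.
            item[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlockedThisDeviceOnly
            status = SecItemAdd(item as CFDictionary, nil)
        }
        guard status == errSecSuccess else { throw KeychainError(status: status) }
    }

    static func load(provider: String) throws -> String? {
        var query = baseQuery(provider)
        query[kSecReturnData as String] = true
        query[kSecMatchLimit as String] = kSecMatchLimitOne
        var result: CFTypeRef?
        let status = SecItemCopyMatching(query as CFDictionary, &result)
        if status == errSecItemNotFound { return nil }   // no key stored yet
        guard status == errSecSuccess else { throw KeychainError(status: status) }
        return (result as? Data).flatMap { String(data: $0, encoding: .utf8) }
    }
}

// The key is read at request time and placed only in the header: never printed, logged, or cached.
func authorizedRequest(url: URL, provider: String) throws -> URLRequest? {
    guard let key = try APIKeyStore.load(provider: provider) else { return nil }
    var request = URLRequest(url: url)
    request.setValue("Bearer \(key)", forHTTPHeaderField: "Authorization")
    return request
}
```

Errors carry only the `OSStatus`, so a failure path that gets logged cannot include the key itself.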

Write-up + code: https://github.com/apoorvdarshan/scowld
