How to manage Secure Enclave card storage limits

Apple's T2 chip

Apple's Secure Enclave is a protected area on Apple's devices which holds keys, encrypted data, cards, and other security information.

The idea behind Secure Enclave is that it's a separate subsystem on Apple devices so if the main processor or OS gets compromised, your secure data is still safe.

Secure Enclave was introduced with Apple's A7 and T2 chips and it uses AES cryptography to encode information so it's not plain-text readable without decryption. A separate System On-A-Chip (SoC) is included in Apple devices to manage the Secure Enclave.

Apple later added a second-gen Secure Enclave starting with A14 processors in the fall of 2020.

Secure Enclave is also built into all Apple Silicon-based systems.

Secure Enclave uses Public Key Infrastructure (PKI) internally to ensure only your security identifiers such as passwords, TouchID, and passkeys can be used to unlock your data. There's a hardware and a software component to Secure Enclave and they work together to keep your sensitive data safe on your Apple devices.

The Apple Cash app also uses the Secure Enclave.

Apple holds a patent on its Secure Enclave technology, but there are similar Trusted Computing systems such as ARM's TrustZone.

Secure Enclave, cards, and Apple Wallet

One of the major uses of Secure Enclave is to encode, store, and retrieve your sensitive data and passes in the Apple Wallet app for later use.

Apple Wallet, Apple Pay, and passes together are known as PassKit. Third-party developers can add PassKit to their apps to manage Apple Pay and passes in the user's Wallet.

In Apple terminology a "pass" is any card which you add to the Apple Wallet app on your device which requires a password or other security key to access.

Passes can include airline boarding passes, credit cards, bank cards, door lock keys for home and hotels, transit passes, loyalty cards, gift cards, IDs, and other types of passes. By adding passes digitally to Apple Wallet you can use your Apple device to pay for goods and services, and as an ID device where one is required.

Technically payment cards are separate and can be added to Apple Pay to make payments anywhere Apple Pay is accepted, but from a security and Enclave standpoint, they all function similarly.

Obviously, you don't want any of the secure details of your passes to be available to anyone who might gain access to your phone. Apple Wallet provides this security by encrypting your pass info and keys in the Secure Enclave where only you can retrieve them.

Apple Wallet limitations

Since Apple Wallet uses the Secure Enclave, and since the Enclave uses its own nonvolatile memory to encode and store your pass and key info, there's a limit to how many passes you can store on your Apple device before the Enclave's memory becomes full.

When that happens you won't be able to add any more cards and passes to your device until you remove some exiting ones.

In order to add or remove passes to Apple Wallet, you must have already set up an Apple account, and must have set up Apple Wallet on your device.

There is no Apple Wallet app on iPads. Those devices lack the Near-Field Communication (NFC) Bluetooth and hardware which Apple calls the Secure Element, which iPhones use to make wireless mobile payments at Point-Of-Sale (POS) checkout registers.

When you use your iPhone to pay at a register or transit point, it communicates with the other device using NFC standards and usually the Bluetooth device built-in to most iPhones.

Apple began shipping universal NFC hardware in iPhone 8 and later, but if you're in Japan, you'll need a GSM iPhone, or one sold in Japan because Japan has its own NFC standard called NFC-F which is based on Sony's NFC technology called FeliCa.

If you are in Japan you can also check transit card balances stored in your Wallet using Ryoga Tanaka's app Japan NFC Reader.

iPad does however have a Wallet and Apple Pay section in the Settings app which you can use to add and remove cards and passes, and check your Apple Pay and Apple Cash balances. So if you're on iPad you can at least see your balances even though it doesn't have the Apple Wallet App.

Apple doesn't publish a hard-limit on how many cards max you can have in your Apple Wallet, but most users seem to agree the current limit appears to be around twenty-five total. Let us know if you have a different experience.

Check Apple Wallet for existing cards

If you try to add a new card to Apple Wallet and you get an error saying no more cards can be added, it may be because you've added enough cards to fill up the Secure Enclave's internal memory and it has no more room to store additional card data.

In that case you only have one option. You'll have to remove some existing cards or passes from Apple Wallet in order to make space in the Secure Enclave to add new ones.

The decision as to which cards or passes to delete is up to you, but obviously you'll have to make some trade-offs by deleting less important or infrequently used passes.

Card metrics

If you tried to add a card and got a warning that it couldn't be added because space was full, you may have gotten an alert which said "Unable to Add Card" - along with a graph and metrics for each existing card or pass. If so, the warning also probably also told you how much space needed to be freed in order to add the card.

iOS provides a small graph in the warning showing total usage by card and pass type, as well a Check Usage row just below the graph.

If you tap the Check Usage row it will take you to a pane where you can view specific usage details about each card and pass on your device.

Also in the Add Card warning pane, you'll see a list of current cards and passes, with a percentage next to each. You can use the percentage indicators to help decide which cards to remove to free up space.

How to remove cards and passes from Apple Wallet

If you find your Secure Enclave is full, you can remove cards either from the Wallet & Apple Pay Settings pane, or you can remove them from Apple Wallet itself. You can remove existing passes in the Wallet app directly.

To remove cards from the Settings app, open that app, scroll down and tap Wallet & Apple Pay, then tap on an existing card under the Payment Cards section, then tap Remove Card.

You can remove existing passes from the Apple Wallet app by tapping a pass in the app, then tapping the button with three dots in it, then tapping Pass Details. From there tap Delete Pass and confirm you want to delete it.

You'll want to check the Wallet & Apple Pay settings pane and the Apple Wallet app from time to time to check how much Secure Enclave space each pass is using so you can keep a little extra space freed up for any new passes you may need to add.

Offloading Transit cards to iCloud

If you use a transit card for transportation such as rail or bus, you can store your transit card in iCloud using the iCloud backup feature in iOS Settings, remove it from the Apple Wallet app, then add it back to Apple Wallet on another iOS device by restoring from the backup.

Apple provides this ability because it includes what it calls Express Mode for transit cards, passes, and keys when using both your iPhone and Apple Watch.

The ability to sync transit cards to iCloud also keeps your transaction history for those cards in sync across all your devices that use them.

The Wallet app has to be turned on in the Settings->iCloud settings on your iPhone for this to work.