SecureStorage


#Overview

The SecureStorage API provides secure storage using the device's native keychain (iOS) or keystore (Android). It's ideal for storing sensitive data like tokens, passwords, and user credentials.

Import

PHP:
use Native\Mobile\Facades\SecureStorage;

JavaScript:
import { secureStorage } from '#nativephp';

#Methods

#set()

Stores a secure value in the native keychain or keystore.

Parameters:

  • string $key - The key to store the value under
  • string|null $value - The value to store securely

Returns: bool - true if successfully stored, false otherwise

Set Secure Value

PHP:
SecureStorage::set('api_token', 'abc123xyz');

JavaScript:
const result = await secureStorage.set('api_token', 'abc123xyz');

if (result.success) {
  // Value stored securely
}

#get()

Retrieves a secure value from the native keychain or keystore.

Parameters:

  • string $key - The key to retrieve the value for

Returns: string|null - The stored value or null if not found

Get Secure Value

PHP:
$token = SecureStorage::get('api_token');

JavaScript:
const result = await secureStorage.get('api_token');
const token = result.value; // or null if not found

#delete()

Deletes a secure value from the native keychain or keystore.

Parameters:

  • string $key - The key to delete the value for

Returns: bool - true if successfully deleted, false otherwise

Delete Secure Value

PHP:
SecureStorage::delete('api_token');

JavaScript:
const result = await secureStorage.delete('api_token');

if (result.success) {
  // Value deleted
}
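
The three methods above combined into a small token-session helper, as an added example that is not NativePHP's own code: it checks the `success` flag on write, treats a missing or corrupt entry as signed out, and confirms deletion by reading back. `createTokenVault`, `makeFakeSecureStorage` and the `auth_session` key are hypothetical names; the fake stands in for the `secureStorage` import so the block runs offline.

```javascript
// Constructed in-memory stand-in for `secureStorage` so the example runs
// offline. It mimics only the result shapes shown on this page ({ success } for
// set/delete, { value } for get) and provides no protection itself.
function makeFakeSecureStorage({ failWrites = false } = {}) {
  const items = new Map();
  return {
    async set(key, value) {
      if (failWrites) return { success: false };
      items.set(key, value);
      return { success: true };
    },
    async get(key) {
      return { value: items.has(key) ? items.get(key) : null };
    },
    async delete(key) {
      items.delete(key);
      return { success: true };
    },
  };
}

// Hypothetical helper: keeps the access/refresh token pair under one key so the
// pair is written in one call and never left half-updated.
function createTokenVault(storage, key = 'auth_session') {
  return {
    async save(accessToken, refreshToken) {
      const result = await storage.set(key, JSON.stringify({ accessToken, refreshToken }));
      // Fail closed: surface the error, never fall back to plaintext storage.
      if (!result.success) throw new Error('secure storage write failed');
    },
    async load() {
      const { value } = await storage.get(key);
      if (value == null) return null; // nothing stored
      try {
        const session = JSON.parse(value);
        const ok = session && typeof session.accessToken === 'string';
        return ok ? session : null;
      } catch {
        return null; // corrupt entry: treat as signed out
      }
    },
    async clear() {
      await storage.delete(key);
      // Confirm by reading back rather than trusting the delete result alone.
      const { value } = await storage.get(key);
      return value == null;
    },
  };
}
```

In an app, pass the real `secureStorage` import to `createTokenVault` in place of the fake.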

#Platform Implementation

#iOS - Keychain Services

  • Uses the iOS Keychain Services API
  • Data is encrypted and tied to your app's bundle ID
  • Survives app deletion and reinstallation if iCloud Keychain is enabled
  • Protected by device passcode/biometrics

#Android - Keystore

  • Uses the Android Keystore system
  • Hardware-backed encryption when available
  • Data is automatically deleted when app is uninstalled
  • Protected by device lock screen

#Security Features

  • Encryption: All data is automatically encrypted
  • App Isolation: Data is only accessible by your app
  • System Protection: Protected by device authentication
  • Tamper Resistance: Hardware-backed security when available

#What to Store

  • API tokens and refresh tokens
  • User credentials (if necessary)
  • Encryption keys
  • Sensitive user preferences
  • Two-factor authentication secrets

#What NOT to Store

  • Large amounts of data (use an encrypted database instead)
  • Non-sensitive data
  • Temporary data
  • Cached content