capacitor-community
Secure Storage
Plugin Request
Name: Secure Storage
Package: @capacitor-community/secure-storage
Platform(s)
Android, iOS
Web would not be supported. Electron, I am not familiar enough with to know if there is a secure storage mechanism.
Existing Solutions
There is an existing secure storage plugin, https://github.com/martinkasa/capacitor-secure-storage-plugin, but it does not use EncryptedSharedPrefences and implements its own encryption process for Android.
There is also Identify Vault provided by Ionic. It does cost money and is focused on identity and sessions. It does not work as well for simple non-identity secure storage use cases.
Description
It would be very similar to the existing Storage API. In fact, the API interface would be nearly identical if not exactly the same. The difference would be where the values are stored. On iOS it would be in the Keychain. On Android, it would be in EncryptedSharedPreferences. Using these two native APIs would greatly reduce complexity and dependency on 3rd party libraries for encryption. It would also make accessing the secrets from other native code and processes much code easier.
One potential issue is that EncryptedSharedPreference currently requires Android API version 23 (Android 6.0 Marshmallow) and Capacitor is still supporting 5.0.
Storing secrets is a core tenet of many applications and this feels like a hole in the current Capacitor Platform.
API interface not exactly the same, because for example when setting data in keychain you can specify if touchId is to be required to get it back or not. So, an additional param similar to how the older @ionic-native/keychain works.
Correct, and ideally there would be a way to set/override this unique key prefix, either globally or on a per-method basis.
Could anyone mention what's the third party plugin that handles this use case?
Made a very basic implementation that securely stores key/value pairs here :
https://github.com/Ookamini95/capacitor-secure-passwords/tree/main
