SecureStorage

#Overview

The SecureStorage API provides secure storage using the device's native keychain (iOS) or keystore (Android). It's ideal for storing sensitive data like tokens, passwords, and user credentials.

use Native\Mobile\Facades\SecureStorage;

#Methods

#set()

Stores a secure value in the native keychain or keystore.

Parameters:

• string $key - The key to store the value under
• string|null $value - The value to store securely

Returns: bool - true if successfully stored, false otherwise

SecureStorage::set('api_token', 'abc123xyz');

#get()

Retrieves a secure value from the native keychain or keystore.

Parameters:

• string $key - The key to retrieve the value for

Returns: string|null - The stored value or null if not found

$token = SecureStorage::get('api_token');

#delete()

Deletes a secure value from the native keychain or keystore.

Parameters:

• string $key - The key to delete the value for

Returns: bool - true if successfully deleted, false otherwise

#Platform Implementation

#iOS - Keychain Services

• Uses the iOS Keychain Services API
• Data is encrypted and tied to your app's bundle ID
• Survives app deletion and reinstallation if iCloud Keychain is enabled
• Protected by device passcode/biometrics

#Android - Keystore

• Uses Android Keystore system
• Hardware-backed encryption when available
• Data is automatically deleted when app is uninstalled
• Protected by device lock screen

#Security Features

• Encryption: All data is automatically encrypted
• App Isolation: Data is only accessible by your app
• System Protection: Protected by device authentication
• Tamper Resistance: Hardware-backed security when available

#What to Store

• API tokens and refresh tokens
• User credentials (if necessary)
• Encryption keys
• Sensitive user preferences
• Two-factor authentication secrets

#What NOT to Store

• Large amounts of data (use encrypted database instead)
• Non-sensitive data
• Temporary data
• Cached content