July 30, 2026 — The unofficial Laracon US Day 3. Get your ticket to The Vibes

SecureStorage

Overview#

The SecureStorage API provides secure storage using the device's native keychain (iOS) or keystore (Android). It's ideal for storing sensitive data like tokens, passwords, and user credentials.

Import
Copied! 
use Native\Mobile\Facades\SecureStorage;
Copied! 
import { secureStorage } from '#nativephp';

Methods#

set()#

Stores a secure value in the native keychain or keystore.

Parameters:

  • string $key - The key to store the value under
  • string|null $value - The value to store securely

Returns: bool - true if successfully stored, false otherwise

Set Secure Value
Copied! 
SecureStorage::set('api_token', 'abc123xyz');
Copied! 
const result = await secureStorage.set('api_token', 'abc123xyz');
 
if (result.success) {
    // Value stored securely
}

get()#

Retrieves a secure value from the native keychain or keystore.

Parameters:

  • string $key - The key to retrieve the value for

Returns: string|null - The stored value or null if not found

Get Secure Value
Copied! 
$token = SecureStorage::get('api_token');
Copied! 
const result = await secureStorage.get('api_token');
const token = result.value; // or null if not found

delete()#

Deletes a secure value from the native keychain or keystore.

Parameters:

  • string $key - The key to delete the value for

Returns: bool - true if successfully deleted, false otherwise

Delete Secure Value
Copied! 
SecureStorage::delete('api_token');
Copied! 
const result = await secureStorage.delete('api_token');
 
if (result.success) {
    // Value deleted
}

Platform Implementation#

iOS - Keychain Services#

  • Uses the iOS Keychain Services API
  • Data is encrypted and tied to your app's bundle ID
  • Survives app deletion and reinstallation if iCloud Keychain is enabled
  • Protected by device passcode/biometrics

Android - Keystore#

  • Uses Android Keystore system
  • Hardware-backed encryption when available
  • Data is automatically deleted when app is uninstalled
  • Protected by device lock screen

Security Features#

  • Encryption: All data is automatically encrypted
  • App Isolation: Data is only accessible by your app
  • System Protection: Protected by device authentication
  • Tamper Resistance: Hardware-backed security when available

What to Store#

  • API tokens and refresh tokens
  • User credentials (if necessary)
  • Encryption keys
  • Sensitive user preferences
  • Two-factor authentication secrets

What NOT to Store#

  • Large amounts of data (use encrypted database instead)
  • Non-sensitive data
  • Temporary data
  • Cached content
Previous
Scanner
Next
Share
Edit this page on GitHub
Plugin Dev Kit
Build native plugins with Claude Code
Learn More
NativePHP Ultra
All NativePHP plugins, teams & priority support from $35/mo
Learn More
The Vibes
The unofficial Laracon US Day 3
Grab Your Spot
Only 100 tickets!
The Masterclass
Go from zero to published app
in no time
Learn More
Early Bird Pricing
Build Secure, Scalable Web Apps Become a Partner