Plugin Marketplace

nativephp/mobile-secure-storage

Secure storage plugin for NativePHP Mobile (Keychain/EncryptedSharedPreferences)

#Secure Storage Plugin for NativePHP Mobile

Secure key-value storage using iOS Keychain and Android EncryptedSharedPreferences.

#Overview

The SecureStorage API provides encrypted storage for sensitive data like tokens, credentials, and user secrets.

#Installation

Copied!
composer require nativephp/mobile-secure-storage

#Usage

#PHP (Livewire/Blade)

Copied!
use Native\Mobile\Facades\SecureStorage;
 
// Store a value
SecureStorage::set('auth_token', 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...');
 
// Retrieve a value
$token = SecureStorage::get('auth_token');
 
if ($token) {
    // Use the token
}
 
// Delete a value
SecureStorage::delete('auth_token');

#JavaScript (Vue/React/Inertia)

Copied!
import { secureStorage } from '#nativephp';
 
// Store a value
await secureStorage.set('auth_token', 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...');
 
// Retrieve a value
const result = await secureStorage.get('auth_token');
if (result.value) {
    console.log('Token:', result.value);
}
 
// Delete a value
await secureStorage.delete('auth_token');

#Methods

#set(string $key, ?string $value): array

Store or delete a value.

Parameter Type Description
key string The key to store under
value string|null Value to store (null to delete)

Returns: { success: true }

#get(string $key): array

Retrieve a stored value.

Parameter Type Description
key string The key to retrieve

Returns: { value: string } (empty string if not found)

#delete(string $key): array

Delete a stored value.

Parameter Type Description
key string The key to delete

Returns: { success: true }

#Security

#Android

  • Uses EncryptedSharedPreferences with Android Keystore
  • AES-256-GCM encryption for values
  • AES-256-SIV encryption for keys
  • Data is hardware-backed on supported devices

#iOS

  • Uses iOS Keychain Services
  • Data is encrypted at rest
  • Protected by kSecAttrAccessibleWhenUnlockedThisDeviceOnly
  • Hardware-backed on devices with Secure Enclave

#Examples

#Store User Credentials

Copied!
use Native\Mobile\Facades\SecureStorage;
 
public function login($email, $password)
{
    // Authenticate...
    $token = $this->authenticate($email, $password);
 
    // Store token securely
    SecureStorage::set('auth_token', $token);
    SecureStorage::set('user_email', $email);
}
 
public function logout()
{
    SecureStorage::delete('auth_token');
    SecureStorage::delete('user_email');
}

#Check Stored Credentials on App Launch

Copied!
use Native\Mobile\Facades\SecureStorage;
 
public function checkAuth()
{
    $token = SecureStorage::get('auth_token');
 
    if ($token && !empty($token['value'])) {
        // Auto-login with stored token
        return $this->loginWithToken($token['value']);
    }
 
    return redirect('/login');
}