This time we will be learning about Secure Storage using one of the great APIs that Xamarin.Essentials brings to us.
Imagine for example the user wants to save their password in an application so they don’t have to type it in every time they open the app. This type of information is sensitive and should be treated with greater security. How would we securely store this highly important and sensitive data in our applications?
Secure Storage comes in when you need save certain data such as an oauth_token or as the password in the above example. In addition, we’re using the keychain and keystore of each specific platform. Let’s learn how to use it!
Preferences
You probably already know about Preferences, which are very useful when you want to save non-private information—something like, Do you want the device to remember your email? / Yes. ♂
But you will surely be wondering, Can we use Preferences? Don’t they cover similar topics? And certainly the answer is yes, they are very similar topics—but don’t get confused between Preferences and Security Storage. There are key differences as you can see in the table below:
Platform Settings
On iOS: (This configuration is only necessary if you are developing in a simulator, otherwise it must be removed.)
- Enable the Keychain entitlement, then add keychain access group for the application’s bundle identifier.
- In your Entitlements.plist enable the Keychain.
- In the project properties under iOS Bundle Signing, set the
Custom Entitlements
to Entitlements.plist.
On Android:
First option—enable or disable backup: If you want to disable the full backup of your application, go to your AndroidManifest.xml and in your application tags set android:allowBackup to false.
<manifest ... >
<application android:allowBackup="false" ... >
</application>
</manifest>
Second option—selective backup: Or you can configure Automatic Backup to disable backup of specific content from backing up. (Also you can create a custom rule set to exclude SecureStore items from being backed up.)
- In your AndroidManifest.xml set the
android:fullBackupContent
attribute:
<application android:fullBackupContent="@xml/auto_bk_rules">
</application>
-
In the Resources/xml directory, create an XML file: In this example, the file is named auto_bk_rules.xml. Set AndroidResource as a build action.
-
Then set the following content that includes all shared preferences except for
SecureStorage
:
<?xml version="1.0" encoding="utf-8"?>
<full-backup-content>
<include domain="sharedpref" path="."/>
<exclude domain="sharedpref" path="${applicationId}.xamarinessentials.xml"/>
</full-backup-content>
On UWP: No additional setup required.
Let’s Start!
What is Secure Storage?
The SecureStorage class helps securely store simple key/value pairs.
Setting Secure Storage
To set some value, you just have to call the SecureStorage class followed with the SetAsync method. This method stores the encrypted values for a given key. It takes the following parameters:
Key name: It receives the name with which you want the data to be identified.
Key value: It receives the value with which you want to save the previously registered key.
await SecureStorage.SetAsync("oauth_token", "secret-oauth-token-value");
Getting Values From Secure Storage
To retrieve a value from Secure Storage, use the GetAsync method. It takes the following parameters:
Key name: Receives the name of the key from which you want to obtain the value. (⚠ If there is no value with this key, it will return a null.)
var oauthToken = await SecureStorage.GetAsync("oauth_token");
Removing a Specific Secure Store Key
➖ To remove a specific key: You only have to indicate the name of the key you want to remove.
SecureStorage.Remove("oauth_token");
➖ To remove all:
SecureStorage.RemoveAll();
⚠ Important: When using it, try to handle small amounts of text; otherwise performance may slow down.
And done! You can now use Secure Storage!
Thanks for reading!
References: https://docs.microsoft.com/en-us/xamarin/essentials/secure-storage?tabs=ios