@heywhy/ns-secure-storage
Installation
From the command prompt go to your app's root folder and execute:
ns plugin add @heywhy/ns-secure-storage
Usage
This plugin maintains the same API as @nativescript/secure-storage but with missing improvements.
iOS Security++
By default the plugin uses kSecAttrAccessibleAlwaysThisDeviceOnly
access control to the keychain. This means that the keychain value can be accessed even if the device is locked. If you want to enhance security and you do not need background access, or if you want to allow the value to be backed up and migrated to another device, you can use any of keys defined here and pass it when you create an instance of SecureStorage
, for example
declare const kSecAttrAccessibleWhenUnlockedThisDeviceOnly; // This is needed in case you don't have tns-platform-declarations module installed.
const secureStorage = new SecureStorage({accessibilityType: kSecAttrAccessibleWhenUnlockedThisDeviceOnly})
iOS Simulator
Currently this plugin defaults to using NSUserDefaults
on iOS Simulators. You can change this behaviour by providing disableFallbackToUserDefaults
to the constructor of SecureStorage
. This then uses the keychain instead of NSUserDefaults
on simulators.
const secureStorage = new SecureStorage({disableFallbackToUserDefaults: true})
If you're running into issues similar to issue_10, consider using the default behaviour again.
iOS Keychain Access Groups
You can share secrets between apps/extensions via Keychain access groups.
To setup:
-
Add a keychain access group entitlement to your app by adding an entry in the
app/App_Resources/iOS/<someName>.entitlements
file.e.g.
<key>keychain-access-groups</key> <array> <string>$(AppIdentifierPrefix)com.my.app.sharedgroup</string> </array>
-
Then in your app specify the
accessGroup
property when getting/setting values. e.g.import { SecureStorage } from "@heywhy/ns-secure-storage"; export class MyComponent { secureStorage = new SecureStorage(); // a method that can be called from your view setSecureValue() { this.secureStorage.set({ accessGroup:"<TeamID>.com.my.app.sharedgroup", key: 'myKey', value: 'my value' }).then(success => { console.log(success)}); } }
License
Apache License Version 2.0