Secure Storage

Store sensitive data safely on device

🗄️ What is Secure Storage?

Secure storage saves sensitive data such as tokens, passwords, and user credentials on the device. The flutter_secure_storage package uses platform-specific secure storage (Keychain on iOS, Keystore on Android) to protect data from unauthorized access and tampering.


// Store data securely
await storage.write(key: 'token', value: 'user_token_123');
// Read secure data
String? token = await storage.read(key: 'token');

Key Secure Storage Concepts

💾

Write Data

Save sensitive information securely to device storage with encryption protection

await storage.write(
  key: 'password',
  value: 'secret123'
);
📖

Read Data

Retrieve stored secure data from device when needed in your application

String? value = 
  await storage.read(key: 'password');
🗑️

Delete Data

Remove specific secure data from storage when no longer needed or on logout

await storage.delete(
  key: 'password'
);
🔐

Platform Security

Uses the iOS Keychain and Android Keystore, which provide hardware-backed encryption where the device supports it

final storage = 
  FlutterSecureStorage();

🔹 Setup Secure Storage

Add the flutter_secure_storage package to your project:

# pubspec.yaml
dependencies:
  flutter_secure_storage: ^9.0.0

// Import and initialize
import 'package:flutter_secure_storage/flutter_secure_storage.dart';

final storage = FlutterSecureStorage();

Result:

Secure storage is ready to safely store sensitive data on the device.

🔹 Store User Token

Save authentication tokens securely:

class TokenStorage {
  final storage = FlutterSecureStorage();

  // Save token
  Future<void> saveToken(String token) async {
    await storage.write(key: 'auth_token', value: token);
    print('Token saved securely');
  }

  // Read token (null if nothing is stored)
  Future<String?> getToken() async {
    String? token = await storage.read(key: 'auth_token');
    return token;
  }

  // Delete token (logout)
  Future<void> deleteToken() async {
    await storage.delete(key: 'auth_token');
    print('Token deleted');
  }
}

// Usage
final tokenStorage = TokenStorage();
await tokenStorage.saveToken('eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...');
String? token = await tokenStorage.getToken();

Result:

Authentication token stored securely and can be retrieved for API calls.

🔹 Store User Credentials

Save login credentials for an auto-login feature:

class CredentialStorage {
  final storage = FlutterSecureStorage();

  // Save credentials
  Future<void> saveCredentials(String email, String password) async {
    await storage.write(key: 'user_email', value: email);
    await storage.write(key: 'user_password', value: password);
  }

  // Read credentials (values are null if nothing is stored)
  Future<Map<String, String?>> getCredentials() async {
    String? email = await storage.read(key: 'user_email');
    String? password = await storage.read(key: 'user_password');
    return {'email': email, 'password': password};
  }

  // Clear credentials
  Future<void> clearCredentials() async {
    await storage.delete(key: 'user_email');
    await storage.delete(key: 'user_password');
  }
}

// Usage (the email address is a placeholder)
final credStorage = CredentialStorage();
await credStorage.saveCredentials('user@example.com', 'password123');
Map<String, String?> creds = await credStorage.getCredentials();

Result:

User credentials stored securely for convenient auto-login functionality.

🔹 Read All Stored Data

Retrieve all key-value pairs from secure storage:

Future<void> readAllSecureData() async {
  final storage = FlutterSecureStorage();
  
  // Read all values
  Map<String, String> allValues = await storage.readAll();
  
  // Print all stored data (debugging only: this writes secrets to the device log)
  allValues.forEach((key, value) {
    print('Key: $key, Value: $value');
  });
}

// Usage
await readAllSecureData();

Result:

All securely stored key-value pairs are retrieved and displayed.

🔹 Delete All Secure Data

Clear all data from secure storage (useful for logout):

Future<void> clearAllSecureData() async {
  final storage = FlutterSecureStorage();
  
  // Delete all stored data
  await storage.deleteAll();
  print('All secure data cleared');
}

// Use in logout function (pass in the calling widget's BuildContext)
Future<void> logout(BuildContext context) async {
  await clearAllSecureData();
  // The widget may have been disposed while awaiting
  if (!context.mounted) return;
  // Navigate to login screen
  Navigator.pushReplacementNamed(context, '/login');
}

Result:

All secure storage data removed, ensuring clean logout state.

🔹 Check if Key Exists

Verify if data exists before reading:

Future<bool> hasToken() async {
  final storage = FlutterSecureStorage();
  
  String? token = await storage.read(key: 'auth_token');
  return token != null;
}

// Usage in app startup (pass in the calling widget's BuildContext)
Future<void> checkAuthStatus(BuildContext context) async {
  bool isLoggedIn = await hasToken();
  // The widget may have been disposed while awaiting
  if (!context.mounted) return;
  
  if (isLoggedIn) {
    // Navigate to home
    Navigator.pushReplacementNamed(context, '/home');
  } else {
    // Navigate to login
    Navigator.pushReplacementNamed(context, '/login');
  }
}

Result:

App checks for stored token and navigates to appropriate screen on startup.
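
A stored token can be present and still expired, so the startup check above can be tightened. The following is an added example, not code from the original page: it assumes the value under 'auth_token' is a JWT carrying an exp claim, and the names isTokenUnexpired and hasUsableToken are hypothetical.

```dart
import 'dart:convert';
import 'package:flutter_secure_storage/flutter_secure_storage.dart';

const _tokenKey = 'auth_token'; // same key the page uses

/// Returns true when [token] is a three-part JWT whose `exp` claim is still
/// in the future. This only reads the claim; it does NOT verify the
/// signature, so the server remains the authority on token validity.
bool isTokenUnexpired(String? token, DateTime now) {
  if (token == null) return false;
  final parts = token.split('.');
  if (parts.length != 3) return false;
  try {
    // JWT segments are base64url without padding; normalize() restores it.
    final payload =
        utf8.decode(base64Url.decode(base64Url.normalize(parts[1])));
    final claims = jsonDecode(payload);
    if (claims is! Map<String, dynamic>) return false;
    final exp = claims['exp'];
    // Assumption: exp is a NumericDate (seconds since the Unix epoch).
    if (exp is! num) return false;
    final expiry = DateTime.fromMillisecondsSinceEpoch(
        (exp * 1000).round(),
        isUtc: true);
    return now.toUtc().isBefore(expiry);
  } on FormatException {
    return false; // malformed base64, UTF-8 or JSON
  }
}

/// Startup check: a stored token counts only if it has not expired.
/// Expired or malformed entries are deleted so they do not linger on the
/// device.
Future<bool> hasUsableToken(FlutterSecureStorage storage) async {
  final token = await storage.read(key: _tokenKey);
  if (isTokenUnexpired(token, DateTime.now())) return true;
  if (token != null) await storage.delete(key: _tokenKey);
  return false;
}
```

Calling hasUsableToken in place of hasToken sends users with an expired token to the login screen instead of to a home screen whose first API call fails.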

🔹 Secure Storage Options

Configure storage with custom options:

// Create storage with options
final storage = FlutterSecureStorage(
  aOptions: AndroidOptions(
    encryptedSharedPreferences: true,
  ),
  iOptions: IOSOptions(
    accessibility: KeychainAccessibility.first_unlock,
  ),
);

// Write with options
await storage.write(
  key: 'sensitive_data',
  value: 'important_value',
  aOptions: AndroidOptions(
    encryptedSharedPreferences: true,
  ),
);

Result:

Storage configured with platform-specific security options for enhanced protection.

🧠 Test Your Knowledge

Which method is used to save data in Flutter Secure Storage?