Skip to content

Latest commit

 

History

History
76 lines (51 loc) · 3.79 KB

PasswordVault.md

File metadata and controls

76 lines (51 loc) · 3.79 KB
uid
Uno.Features.PasswordVault

Credentials storage

Tip

This article covers Uno-specific information for Windows.Security.Credentials.PasswordVault API. For a full description of the feature and instructions on using it, see PasswordVault Class.

  • The PasswordVault is a credentials manager that is persisted using a secured storage.
  • PasswordCredential is used to manipulate passwords in the vault.

Supported features

Feature Windows Android iOS Web (WASM) Catalyst AppKit Linux (Skia) Win 7 (Skia) Tizen
PasswordVault
PasswordCredential Partial Partial Partial Partial Partial

PasswordVault

The PasswordVault is designed to be a safe place to store the user's credentials and tokens. It's backed by the hardware encryption mechanism of each platform, which provides a high level of security. However, the PasswordVault does not offer any memory security feature.

Below see the implementation information for each platform:

Android

The implementation uses the AndroidKeyStore which was introduced with API 18 (4.3). The KeyStore is used to generate a symmetric key which is then used to encrypt and decrypt a file persisted in the application directory. The key is managed by the KeyStore itself, which usually uses the hardware component to persist it. The key is not even accessible to the application.

For more information, see KeyStore.

iOS

The PasswordVault is directly stored in the iOS KeyChain which is the recommended way to store secrets on iOS devices. It's backed by hardware components that ensure that the data is almost impossible to retrieve if not granted.

For more information, see Storing Keys in the Keychain.

WebAssembly

There is no way to persist a secured data in a Web browser. Even if we generate a key to encrypt it, there is no safe place to store this key except by relying on server components, which broke the offline support (and Progressive Web App). So currently we preferred to not implement the PasswordVault. It will throw a NotSupportedException when you try to create a new instance.

PasswordCredential

This class is implemented, however it never hides the password like the UWP does. This means that the RetrievePassword method does nothing, but we recommend to still use it in order to ensure cross-platform compatibility.

The Properties property is not implemented.

Sample

Storing a credential

var vault = new Windows.Security.Credentials.PasswordVault();
vault.Add(new Windows.Security.Credentials.PasswordCredential(
    "My App", username, password));

Retrieving a credential

var vault = new Windows.Security.Credentials.PasswordVault();
var credential = vault.Retrieve("My App", userName);
credential.RetrievePassword();
var password = credential.Password;