Secure Storage

API Reference
Secure Storage Admin API
Secure Storage Constraints


This API provides access to secure storage.

Secure storage can be used to store sensitive information like passwords, keys, certificates, etc. All data in the secure storage is in an encrypted format. Each app using this API only has access to its own secure storage data.

An app's items in secure storage have a name and a value. The item name is used to access the item's value and can be a maximum of 255 characters. The item name can contain path separators, '/', to help organize an app's data. Item names cannot contain a trailing separator.

To create or update an item, use le_secStore_Write() to specify the item's name and value. If the item doesn't exist, it'll be created. Each item can be a maximum of 8192 bytes. If it's larger, le_secStore_Write() will fail.

Additionally, an app's total secure storage usage is limited by the maxSecureStorageBytes setting that may be specified in the xdef files. The maxSecureStorageBytes default is 8192 bytes.

Writing to secure storage may also fail if the system-wide secure storage is out of memory. The system-wide secure storage memory amount is platform dependent (see Secure Storage).

To read an item, use le_secStore_Read(), and specify the item's name. To delete an item, use le_secStore_Delete().

To delete all of an app's contents, the special item name "*" is supported. For example, le_secStore_Delete("*") will erase all the secure storage contents of a given app. Note that the special item name is not supported for reading from or writing to secure storage.
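The naming and size rules above can be checked on the client side before a request reaches the secStore service. The following is an added example, not part of the Legato API or the original page: `CheckSecStoreRequest`, `SecStoreOp` and `CheckResult` are hypothetical names, and rejecting an empty name is an assumption the page does not state.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Limits taken from the text above. */
#define MAX_NAME_CHARS 255
#define MAX_ITEM_BYTES 8192

typedef enum { OP_READ, OP_WRITE, OP_DELETE } SecStoreOp;   /* hypothetical */

typedef enum {
    CHECK_OK, CHECK_EMPTY_NAME /* assumption */, CHECK_NAME_TOO_LONG,
    CHECK_TRAILING_SEPARATOR, CHECK_WILDCARD_NOT_ALLOWED, CHECK_VALUE_TOO_LARGE
} CheckResult;

/* Hypothetical pre-flight check to run before le_secStore_Read/Write/Delete. */
CheckResult CheckSecStoreRequest(SecStoreOp op, const char *name, size_t valueSize)
{
    if (name == NULL || name[0] == '\0')
        return CHECK_EMPTY_NAME;

    /* "*" means "all of this app's items" and is valid for delete only. */
    if (strcmp(name, "*") == 0)
        return (op == OP_DELETE) ? CHECK_OK : CHECK_WILDCARD_NOT_ALLOWED;

    /* Bounded scan: stop one past the limit instead of walking a huge buffer. */
    size_t len = 0;
    while (len <= MAX_NAME_CHARS && name[len] != '\0')
        len++;
    if (len > MAX_NAME_CHARS)
        return CHECK_NAME_TOO_LONG;

    if (name[len - 1] == '/')
        return CHECK_TRAILING_SEPARATOR;

    if (op == OP_WRITE && valueSize > MAX_ITEM_BYTES)
        return CHECK_VALUE_TOO_LARGE;

    return CHECK_OK;
}

int main(void)
{
    /* Constructed sample requests. */
    printf("%d\n", CheckSecStoreRequest(OP_WRITE, "certs/server/key", 2048));
    printf("%d\n", CheckSecStoreRequest(OP_WRITE, "certs/server/", 16));
    printf("%d\n", CheckSecStoreRequest(OP_READ, "*", 0));
    return 0;
}
```

A request that passes this check can still fail in the service, for example when the app's maxSecureStorageBytes limit or the system-wide secure storage is exhausted, so the result of le_secStore_Write() must still be checked.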

All the functions in this API are provided by the secStore service.

Here's a code sample binding to this service:

bindings:
{
   clientExe.clientComponent.le_secStore -> secStore.le_secStore
}

Whenever the secure storage is modified, a timer of 300 seconds is started. When the timer expires, a backup is performed to capture all changes since the previous backup. If the secure storage is not modified, then the backup is not performed. If corruption in the secure storage is detected, a restore is performed and the target device is rebooted.

Global Secure Storage

This same API also provides access to a global area that can be shared across the system. This interface is called secStoreGlobal.

Here's a code sample binding to this service:

bindings:
{
   clientExe.clientComponent.secStoreGlobal -> secStore.secStoreGlobal
}

To use the API, add the following to your .cdef file:

requires:
{
    api:
    {
        secStoreGlobal = le_secStore.api
    }
}