Why Flutter Secure Storage is Essential for Storing Sensitive Data
If you’re dealing with user authentication, you know how crucial it is to keep sensitive data safe. That’s where Flutter Secure Storage comes into play and why it is a must for you to keep your sensitive data secure in 2025!!
1. What is Flutter Secure Storage?
So, what exactly is Flutter Secure Storage? Flutter Secure Storage is a library that provides a platform-agnostic solution to store sensitive data securely on both iOS and Android devices. Unlike Shared Preferences or Hive (even with its encryption method), which can store data in plain text, Flutter Secure Storage encrypts the data, making it much safer for storing crucial information like authentication tokens, passwords, and personal user data.
2. Why Do We Need Secure Storage?
You might be wondering, “Why can’t I just use Shared Preferences or Hive?” Well, while those options are great for general data storage, they don’t offer the same level of security. For example, When it comes to storing JWT tokens, you want to ensure that they’re protected from prying eyes.
Compare to Hive, there’s some uncertainty around Hive’s future and support. The developers have mentioned plans to rewrite it in Rust, which could affect its current features. Even the current features has many problem with flutter, Hive is an extremely unstable database.
Then if we looking at to Shared Preferences, in it’s documentation says “Data may be persisted to disk asynchronously, and there is no guarantee that writes will be persisted to disk after returning, so this plugin must not be used for storing critical data.” It all means that it is not recommend to store sensitive data with shared preferences.
So, opting for Flutter Secure Storage might be the safer bet for your app’s long-term security.
3. Implementing Flutter Secure Storage
Now, let’s dive into how we can implement this in our app. I created a helper class called secure_storage_helper.dart to make things easier. Here’s a quick rundown:
- The helper: Create functions for how it read and store the data, then we can create function to clear and remove like code below :
import 'package:flutter_secure_storage/flutter_secure_storage.dart';
class SecureStorageHelper<T> {
final _storage = const FlutterSecureStorage(
aOptions: AndroidOptions(encryptedSharedPreferences: true),
iOptions: IOSOptions(accessibility: KeychainAccessibility.first_unlock));
/// This function will get value from secure storage
Future<T?> read(String key) async {
String? value = await _storage.read(
key: key,
);
if (value != null) {
if (T == String) {
return value as T;
} else if (T == int) {
return int.tryParse(value) as T?;
} else if (T == bool) {
if (value.toLowerCase() == 'true') {
return true as T;
} else if (value.toLowerCase() == 'false') {
return false as T;
}
} else if (T == double) {
return double.tryParse(value) as T?;
} else if (T == List<String>) {
return value.split(',') as T;
}
}
return null;
}
/// This function will set value into secure storage
Future<void> store(String key, dynamic value) async {
var types = T;
switch (types) {
case const (List<dynamic>):
if (value is List<String>) {
await _storage.write(
key: key,
value: value.join(','),
);
} else {
throw ArgumentError('Invalid value type for List');
}
break;
default:
await _storage.write(
key: key,
value: value.toString(),
);
break;
}
}
/// Clear all stored data from secure storage
Future<void> clear() async {
await _storage.deleteAll();
}
/// Remove a specific key from secure storage
Future<void> remove(String key) async {
await _storage.delete(key: key);
}
}- Storing the Sensitive Data Ex : JWT Token: When a user log in successfully, you’ll want to store that JWT token securely. Storing with Flutter secure storage need keys and values, you can create the keys as a constant value. Here’s how you can do it:
SecureStorageHelper().store(LessworryStorage.tokenKey, loginResponse.accessToken);- Retrieving the Data: When your app starts, you’ll want to check if a token is already stored. If it is, you can set it in the Dio headers for future API requests:
final token = await SecureStorageHelper<String>().read(LessworryStorage.tokenKey);
var isLoggedIn = false;
if (token != null) {
DioHelper.setDioTokenHeader(token);
isLoggedIn = true;
}4. Best Practice to Complete Implementation
There are some best practice to implement more secure your data, here are some key takeaways :
- Use Strong Encryption: Always ensure that the data you store is encrypted. Flutter Secure Storage handles this for you, but it’s good to be aware of the importance of encryption.
- Limit Data Exposure: Only store what you absolutely need. The less sensitive data you store, the lower the risk.
- Regularly Update Dependencies: Keep your Flutter secure storage libraries up to date to benefit from the latest security patches and improvements.
Conclusion
In a nutshell, using Flutter Secure Storage is a smart move for anyone looking to protect sensitive user data, especially JWT tokens. It not only enhances the security of your application but also gives your users peace of mind knowing their information is safe.
So, if you haven’t already, consider making the switch to Flutter Secure Storage. Your app (and your users) will thank you!
Notes : if u have any comment or feedback don’t hesitate to put in on comments section, thank you 🙏 .
