secureStorage tutorial/sample code?

I am trying to work with secureStorage. Is there a tutorial or sample code somewhere?
I cannot get this to work. I already tried to modify xd-storage-helper from @pklaschka to work with secureStorage - with no success.


What have you tried thus far? Any code you can share? Want to make sure we address your use case.

But generally, it’s along these lines:

const { secureStorage } = require("uxp").storage;

async function useSecureStorage() {
    await secureStorage.setItem("key", "1234");
    // note that r here is a UInt8Array, _not_ a string
    const r = await secureStorage.getItem("key"); 

Thanks Kerri!
That is helpful as a start.

2 things:

How do I proceed with r? How do I convert it in a string?
Where are the values stored in SecureStorage? On disk or just in plugins cache?

My use case: I want to store the license key that the user has entered to unlock some features. When the plugin starts next time it will take the stored license key and check against a server if its valid and then show the UI of the plugin.
My understanding is that secureStorage is the right place for this - I hope so :slight_smile:

So, basically I would like to do the same thing that xd-storage-helper does (store some values in a file only with encryption).

I am open for any suggestions if my approach is not the best way to do this.


Is the license key private information? If it’s something the user already has access to, I’d think localStorage here would be sufficient, unless you’re saving something like an auth token that should be kept totally private.

The user enters the license key by himself. So, yes, I can stick with localStorage.

Would still good to know where secureStorage stores its values? Would I need to save it into a file or is this done when using it?

secureStorage is saved in a plugin-specific folder, in sibling folder of the pluginData folder. The location is specific to the host app and the version of that app.

localStorage is in the same place (but a different database which is not encrypted).