Developing with Secure Storage

Central Classes and Interfaces

The functionality of secure storage is exposed via APIs of the bundle. The package contains several classes and interfaces that are likely going to serve as a starting point.

The SecurePreferencesFactory can be used to obtain the root node of the secure preferences. The SecurePreferencesFactory#getDefault() method will return default secure preference root node. If you prefer your secure storage to be isolated from the rest of the application, you can use SecurePreferencesFactory#open(URL location, Map options) method to open a secure storage corresponding to the location of your choice. This method also takes a map of optional hints that can be used to influence the behavior of this instance of secure storage.

The restrictions put on the node names are similar to the OSGi Preferences: no double forward slashes, no trailing forward slash. In addition, node names can only contain printable ASCII characters. If you need to use a string that does not fit those restrictions, the EncodingUtils class can be used to convert the string into a compliant form.

The functionality provided by the nodes is described by the ISecurePreferences interface. You'll find this interface is very similar to the OSGi Preferences with a few minor differences. One of the differences is that many methods use StorageException to provide more detailed description of exceptions.


The contents of the default secure storage can be seen in the command link General > Security > Secure Storage preferences page. To enable modifications of the contents of secure storage, enable debug options of the bundle. Enabling debug options will add context menus to the preferences page tree and to the values table. The context menus allow removal and addition of nodes and values to be performed directly from the preferences page.

You'll notice that context menus are disabled for the "" node. This node and its children are reserved for secure storage use and should not be modified directly.