Vault Limitations
Identity Vault offers robust biometric security for safeguarding keys and tokens. It leverages the Android Keystore and iOS Keychain to provide a secure and convenient way to store sensitive data. However, as with any technology, it's crucial to understand its limitations to ensure optimal use and data security. This page outlines the limitations of Identity Vault, particularly regarding data size constraints, and provides guidance on alternative storage options for larger data sets.
Data Size Limitation
Official Support up to 4KB
Identity Vault officially supports storing data up to 4KB in size. This limitation is due to the underlying storage mechanism used by the Android Keystore and iOS Keychain. The Android Keystore and iOS Keychain are designed to store small pieces of data, such as cryptographic keys and tokens, and are not intended for storing large data sets. This aligns with the Keychain's guideline for a "reasonable secret data size".
Larger Payloads: Use with Caution
While it's technically possible to store larger payloads in the Android Keystore and iOS Keychain, it's not recommended. You may experience unpredictable results or decreased performance with larger data sizes. For this reason, storing payloads larger than 4KB is not officially supported, and we recommend using alternative storage options for larger data sets.
Alternative Storage Options
For scenarios requiring the storage of larger data sets, alternative solutions are recommended. Below are some alternative storage options to consider:
Secure Storage
For data sets exceeding the 4KB limit, we recommend using the Ionic Secure Storage plugin, which provides a secure SQLite database with encryption at rest. This plugin is specifically designed to handle larger data sizes and integrates cleanly with Identity Vault. Simply store your encryption key using Identity Vault and provide the key to the Secure Storage plugin for secure data storage.
File Encryption
When dealing with large files, such as documents or media, the recommended approach is to encrypt these files yourself and write the encrypted file to a secure location on the file system. The key used for encryption can then be securely stored and retrieved using Identity Vault.