Encryption
Encrypt selected stored values while keeping metadata readable.
Overview
localstorage-platform supports optional AES encryption for individual stored values.
Encryption is configured on StorageManager and enabled per write with
encrypt: true.
Why
Some browser-stored values should not be written as plain text. The library lets you encrypt only the values that need it while keeping metadata readable for TTL and group cleanup.
When
Use encryption for temporary client-side values that must be stored in the
browser and should not appear as plain text in localStorage.
Do not treat browser storage as a secure vault. Anything available to client JavaScript should still be considered client-accessible.
How
Create a manager with an encryption secret.
import { StorageManager } from "localstorage-platform";
const storage = new StorageManager("company-name", {
encryption: {
secret: "my-secret-key",
},
});Write encrypted values by passing encrypt: true.
storage.set("token", "abc123", {
group: "session",
encrypt: true,
});
const token = storage.get<string>("token");Only the stored value is encrypted. Metadata remains readable.
{
"value": "encrypted-value",
"meta": {
"type": "group",
"group": "session",
"encrypt": true,
"createdAt": 171111111,
"updatedAt": 171111111
}
}Best Practices
- Configure encryption before writing encrypted values.
- Use the same secret when reading encrypted values.
- Combine encrypted values with
ttlwhen the data is temporary. - Keep secrets out of source control and static client bundles when possible.
Common Mistakes
- Passing
encrypt: truewithout configuring encryption onStorageManager. - Reading encrypted values with a manager that has no encryption configuration.
- Assuming metadata is encrypted. Metadata remains readable by design.