Code Reference

Secure Store

Expo · Reference cheat sheet

Secure Store

Expo · Reference cheat sheet


📋 Overview

expo-secure-store stores small secrets in iOS Keychain / Android Keystore. Use for tokens and keys—not large blobs. AsyncStorage is not secure. Configure the config plugin when required by your SDK version.

🔧 Core concepts

APIRole
setItemAsync(key, value)Save
getItemAsync(key)Read
deleteItemAsync(key)Remove
OptionskeychainAccessible, biometrics auth options

Size limits apply; errors on unavailable hardware/secure lock screen policies.

💡 Examples

import * as SecureStore from "expo-secure-store";

const TOKEN_KEY = "session_token";

export async function saveToken(token: string) {
  await SecureStore.setItemAsync(TOKEN_KEY, token);
}

export async function loadToken() {
  return SecureStore.getItemAsync(TOKEN_KEY);
}

export async function clearToken() {
  await SecureStore.deleteItemAsync(TOKEN_KEY);
}

With auth prompt (when supported):

await SecureStore.setItemAsync("pin", value, {
  requireAuthentication: true,
  authenticationPrompt: "Unlock secrets",
});

⚠️ Pitfalls

  • Storing JWTs in AsyncStorage instead.
  • Large JSON documents—use file encryption or server.
  • Assuming values survive app uninstall (platform-specific).
  • Missing error handling when device is locked / biometrics fail.

On this page