Secure Storage

The General > Security > Secure Storage preference page is used to manage storage of encrypted information such as passwords. Typically you will have no reason to alter the preferences on this page. The options here are mostly for troubleshooting, and, to a lesser degree, for system administrators and power users.

Password options

The Password tab combines functionality related to the master password lifecycle and password providers.

The Clear Passwords button clears cached master passwords from memory. This is analogous to logging out of the secure storage. Note that some password providers obtain credentials from the operating system automatically. To prevent them from doing so, you'll need to log out from the operating system account.

The Master password providers section contains a list of currently available password providers. By default, the enabled provider with the highest priority is used to encrypt data added to secure storage. The priority range is from 0 to 10, with 10 being the highest. A password provider can be disabled if it malfunctions, or if you prefer a lower priority password provider.

Note that data can only be decrypted by the same provider that encrypted the data. This means that changes to the list of the password providers affect only new entries. The password provider for existing entries can only be overwritten by the application storing the data.

By default all password providers are enabled.

Each password provider that has been used at least once will have a master password associated with it. Use the Change Password... button to change the master password of the selected password provider.

The Recover Password... button opens the password recovery dialog. Use this option if you have forgotten the master password and have configured password recovery questions. The button will be disabled if the password recovery setup was cancelled when the master password was created. Note that the answers for the password recovery questions have to be entered exactly as they were specified during the password recovery setup. Answers are case-sensitive and white space inside answers is significant.

Contents options

The Contents tab displays contents of the default secure storage.

Secure storage is organized as a tree where nodes represent context of the information and values are associated with each node. Selecting a node in the tree will display a table of values associated with that node. Values stored in a non-encrypted form will be displayed; the encrypted values will be shown as "*********".

At the bottom of this tab, you will find the actual file location used to persist secure storage data.

To force changes to the contents of secure storage to be saved, click Save.

To delete stored data to recover from an error or to reflect a change in the setup, click Delete. This will delete all of the contents of secure storage. In some cases, other parts of the application may depend on the contents of secure storage that you deleted. To avoid unexpected errors, it is highly recommended to restart the application after secure storage has been deleted.

Advanced options

The Advanced tab of the preferences page offers some extra tweaks to secure storage.

The encryption algorithm used by secure storage can be modified from this page. The drop-down list displays the discovered algorithms that are provided by the Java virtual machine which are compatible with secure storage.

Changes in the encryption algorithm are only applied to data stored after the change. If you have already created a secure storage, it would have to be deleted and re-created to use the newly selected encryption algorithm.

Note that the list of available algorithms might be different for different Java virtual machines and could be extended by providing custom algorithms using the Java security provider mechanism.
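
To see what a particular Java virtual machine could offer in that drop-down list, the program below lists the algorithm names that the installed security providers register as both a Cipher and a SecretKeyFactory, and keeps those that complete a password-based encrypt and decrypt round trip. It is an added example, not Eclipse's own discovery code; treating "compatible with secure storage" as "usable for password-based encryption" is an assumption, and the class name, sample password and iteration count are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.util.Arrays;
import java.util.Set;
import java.util.TreeSet;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;

public class ListPbeAlgorithms {
    // Names that some installed provider registers under the given service type.
    static Set<String> names(String type) {
        Set<String> out = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
        for (Provider p : Security.getProviders())
            for (Provider.Service s : p.getServices())
                if (s.getType().equals(type)) out.add(s.getAlgorithm());
        return out;
    }

    // True if a password-derived key can encrypt and then decrypt a sample.
    static boolean roundTrips(String alg) {
        try {
            byte[] sample = "constructed sample".getBytes(StandardCharsets.UTF_8);
            byte[] salt = new byte[8];
            new SecureRandom().nextBytes(salt);
            SecretKey key = SecretKeyFactory.getInstance(alg)
                    .generateSecret(new PBEKeySpec("constructed-password".toCharArray()));
            Cipher enc = Cipher.getInstance(alg);
            enc.init(Cipher.ENCRYPT_MODE, key, new PBEParameterSpec(salt, 1000));
            byte[] ct = enc.doFinal(sample);
            Cipher dec = Cipher.getInstance(alg);
            // Reuse the encryptor's parameters (salt, count, and IV if any).
            dec.init(Cipher.DECRYPT_MODE, key, enc.getParameters());
            return Arrays.equals(sample, dec.doFinal(ct));
        } catch (Exception e) {
            return false; // not usable for password-based encryption on this JVM
        }
    }

    public static void main(String[] args) {
        Set<String> candidates = names("Cipher");
        candidates.retainAll(names("SecretKeyFactory"));
        for (String alg : candidates)
            if (roundTrips(alg)) System.out.println(alg);
    }
}
```

Running it on two different Java virtual machines, or before and after registering a custom security provider, shows how the set of candidate algorithms changes.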
