How Secure Storage Works

Let's consider a concrete example of Git integration. When you specify a password for a Git connection, the application offers you an option to save your user name and password using secure storage.

Schema of secure storage encrypting data

Picture 1. How secure storage works.

Your Git password is passed as data to secure storage. Secure storage uses a "master" password to encrypt it and store the encrypted Git password in a file on disk.

The master password is obtained from a password provider module. The master passwords are obtained in a "lazy" fashion, only when they are about to be used. Password providers can use different techniques:

When data is saved with secure storage, the password provider is selected based on the priorities from the list of enabled password providers. Only that provider can be used in future to decrypt the data.

Secure storage
Password recovery
Life of a master password Secure storage preference page
Secure storage runtime options