As security-crypto-datastore artifacts are going to be deprecated,
encrypted-datastore artifacts are published as a KMP library.
It has only two targets yet: JVM and Android.
This change was made to use the same dependency for JVM and Android projects
and to prepare the library for possible support for iOS target in the future.
- Kotlin
1.9.23→2.0.20 - Tink
1.13.0→1.15.0
- Compile against Android SDK 35
- Update dependencies in sample project
- Drop usage of gradle-infrastructure plugins
- Use
-Xfriendly-pathscompiler option to access internal entities from the androidx.datastore library, deletePreferenceDataStoreHack
1.1.1-beta03 – 2024.05.13
- Enforce version alignment between the library and DataStore using BOM (#45)
- Publication migrated to com.vanniktech:gradle-maven-publish-plugin
1.1.1-beta02 – 2024.05.07
- Fixed Preference DataStore saving (#38)
- Test fixtures are excluded from publication (#32)
- Added sample application
1.1.1-beta01 – 2024.05.04
Note
Ensure that the version of this library aligns with the DataStore library version used in your project.
This version should only be used with datastore:1.1.1, as it depends on new APIs introduced in that release.
Starting with version 1.1.0, DataStore has become a multiplatform library.
However, encrypted datastore is currently limited to JVM and Android targets due to dependencies on JVM-specific libraries like Tink and security-crypto.
I am actively exploring ways to add support for more targets to the library.
The research will take some time, so I've released a beta version compatible with DataStore 1.1.0 for developers not requiring multiplatform targets support.
- Potentially breaking change: The field
io.github.osipxd.datastore.encrypted.PreferencesSerializerhas been hidden from the public API. Instead, directly use the objectPreferencesSerializer, which is now publicly available starting with thedatastore:1.1.0release. - Added the
@RestrictTo(LIBRARY_GROUP)annotation to public members that are intended for internal use only, ensuring they are not used externally.
- Added a binary compatibility validator to prevent unintentional breaks in binary compatibility
1.0.0 – 2024.04.17
Delegates encryptedDataStore and encryptedPreferencesDataStore were added to simplify DataStore creation.
If you have the following code:
val dataStore = DataStoreFactory.createEncrypted(serializer) {
EncryptedFile.Builder(
context.dataStoreFile("filename"),
context,
MasterKeys.getOrCreate(MasterKeys.AES256_GCM_SPEC),
EncryptedFile.FileEncryptionScheme.AES256_GCM_HKDF_4KB
).build()
}You can simplify it using delegate for DataStore creation.
// 1. Move the field to top level of you Kotlin file and turn it to an extension on Context
// 2. Replace `DataStoreFactory.createEncrypted` with `encryptedDataStore`
val Context.dataStore by encryptedDataStore(
fileName = "filename", // Keep file the same
serializer = serializer,
)Note
This only will be interchangeable if you used context.dataStoreFile(...) to create datastore file.
In case you have custom logic for master key creation, pass the created master key as a parameter masterKey to the delegate.
- Target JVM
1.8→11 - Kotlin
1.7.21→1.9.23 - Tink
1.7.0→1.13.0
- Update Gradle to 8.7
- Update AGP to 8.3.2
- Move
PreferenceDataStoreHack.javaintoencrypted-datastore-preferencesmodule
1.0.0-beta01 – 2023.02.26
- Fixed decryption fallback from StreamingAead to Aead (#15)
- Change min SDK 21 → 23 to align it with security-crypto 1.0.0
- Update Gradle to 7.6.1
1.0.0-alpha04 – 2022.12.19
- Fixed the case when data can not be read if output stream was not closed in serializer (#10)
- Added default value for parameter
encryptionOptionsinPreferenceDataStoreFactory.createEncrypted(#12)
1.0.0-alpha03 – 2022.11.18
New library provides more simple and less error-prone API to create encrypted DataStores.
All Tink-related stuff hidden from you in security-crypto library, and all you should do is wrap File with EncryptedFile:
val dataStore = DataStoreFactory.createEncrypted(serializer) {
EncryptedFile.Builder(
context.dataStoreFile("filename"),
context,
MasterKeys.getOrCreate(MasterKeys.AES256_GCM_SPEC),
EncryptedFile.FileEncryptionScheme.AES256_GCM_HKDF_4KB
).build()
}Or even simpler, if you use security-crypto-ktx:1.1.0:
val dataStore = DataStoreFactory.createEncrypted(serializer) {
EncryptedFile(
context = context,
file = context.dataStoreFile("filename"),
masterKey = MasterKey(context)
)
}See the Migration guide.
Introduced new extension-function Serializer.encrypted(StreamingAead) to encrypt DataStore in streaming manner.
Old extension-function with Aead is not planned to be removed yet, but for all new code it is recommended to use the new function or migrate to the security-crypto-datastore.
ATTENTION! You can not use
StreamingAeadto decrypt data encrypted withAead, so you can not just replaceAeadwithStreamingAeadwithout migration. To not lose your previously encrypted data, you have three options:
- Migration – add fallback for
StreamingAeadusing functionStreamingAead.withDecryptionFallback(Aead)- Do nothing – continue to use
Aead- Destructive migration – specify
CorruptionHandlerto replace old content with something else
All stuff related to Preference DataStore was moved to io.github.osipxd:encrypted-datastore-preferences.
To continue use it, change the dependency module in your build script:
-implmentation("io.github.osipxd:encrypted-datastore:...")
+implmentation("io.github.osipxd:encrypted-datastore-preferences:...")- Fixed crash when DataStore can not be decrypted (#1)
- Kotlin
1.5.30→1.7.21 - Tink
1.6.1→1.7.0
- Gradle
7.2→7.5.1 - gradle-infrastructure
0.12.1→0.17 - Migrate dependencies to version catalogs