Show TOC

SecureStore for WindowsLocate this document in the navigation structure

Use the SecureStore API in conjunction with the LogonCore API to provide secure client login functionality.

The DataVault class implements an encrypted, password-protected secure store. There are two overloaded methods used to create a datavault:
  • Creating a datavault - Option one:
    //Create a datavault by providing an id and password for the datavault
    var vault = await SAP.SecureStore.DataVault.CreateVaultAsync("id", "newpassword");
  • Creating a datavault - Option two:
    //create a datavault by additionally providing a password policy.  
    //This password policy can determine complexity of the password, number of retries etc. 
    var vault = await SAP.SecureStore.DataVault.CreateVaultAsync("id", "newpassword", policy);
Delete the datavault by calling the DeleteVaultAsync method, passing in the id of the datavault. The developer normally does this to destroy all data in the datavault:
await SAP.SecureStore.DataVault.DeleteVaultAsync(id);
Depending on the needs of the application, the developer can create and store secure information in a datavault.


Some basic operations that can be performed on the SecureStore:

try {
	SAP.SecureStore.DataVault vault = null;
	// check if the vault exists
	if (await SAP.SecureStore.DataVault.VaultExistsAsync("id")) {
		vault = await SAP.SecureStore.DataVault.GetVaultAsync("id");
		bool invalidPassword = false;
		try {
			await vault.UnlockAsync("oldpassword");
		} catch (Exception) {
			invalidPassword = true;
		// if the old password is incorrect we try the new one
		if (invalidPassword) {
			await vault.UnlockAsync("newpassword");
		} else {
			// if the old password is valid we change it to the new one
			await vault.ChangePasswordAsync("oldpassword", "newpassword");
	} else {
		// create a new vault
		vault = await SAP.SecureStore.DataVault.CreateVaultAsync("id", "newpassword");

	// locking the store
	// unlocking it
	await vault.UnlockAsync("newpassword");

	// set a password policy
	await vault.SetPasswordPolicyAsync(new SAP.SecureStore.DataVaultPasswordPolicy() {
			IsEnabled = true,
			MinLength = 8,
			IsDefaultPasswordAllowed = false,
			HasDigits = true

	// write something into the store
	await vault.SetStringAsync("testkey", "abcdef");
	// read it back
	System.Diagnostics.Debug.WriteLine(await vault.GetStringAsync("testkey"));

	// writing binary data into the store
	await vault.SetValueAsync("binarykey", new byte[] {1, 2, 3});
	byte[] binaryValue = await vault.GetValueAsync("binarykey");
	System.Diagnostics.Debug.WriteLine(String.Join<byte>(", ", binaryValue));
	// deleteing the data
	await vault.DeleteValueAsync("binarykey");

	// enumerating the content
	var keys = vault.DataNames;
	foreach (var key in keys) {
		System.Diagnostics.Debug.WriteLine("key: " + key.Name);

	// deleting the store
	await SAP.SecureStore.DataVault.DeleteVaultAsync("id");
} catch (Exception exception) {
	if (exception is SAP.SecureStore.IDataVaultException) {
		System.Diagnostics.Debug.WriteLine("type: " + ((SAP.SecureStore.IDataVaultException)exception).Type.ToString());