binding/com.pingidentity.device.binding.authenticator/AppPinConfig/storage

storage

fun storage(block: EncryptedDataStoreStorageConfig.() -> Unit)

Customizes the encrypted storage configuration.

Allows fine-tuning of the encrypted storage backend that persists keystore data. The configuration block is applied on top of the default settings, enabling selective customization.

Available options:

  • fileName: Custom storage file name

  • keyAlias: Encryption key alias for storage

  • strongBoxPreferred: Enable hardware security module when available

  • cacheStrategy: Memory caching behavior (NO_CACHE recommended)

  • logger: Custom logger for storage operations

Example:

storage {
    fileName = "myapp_device_keys_v2"
    strongBoxPreferred = true
    cacheStrategy = NO_CACHE
}
Content copied to clipboard

Security recommendations:

  • Use NO_CACHE to prevent memory exposure

  • Enable strongBoxPreferred for hardware security

  • Use versioned file names for migration support

Parameters

block

Configuration block for storage settings

See also

var storage: () -> Storage<ByteArray>

Storage factory function that creates encrypted storage instances.

Returns a Storage implementation configured for securely persisting encrypted keystore data. The default implementation uses EncryptedDataStoreStorage which provides hardware-backed encryption when available.

Custom storage implementations can be provided for:

  • Alternative encryption backends

  • Cloud storage integration

  • Enterprise key management systems

  • Testing with in-memory storage

Example:

storage = {
    CustomEncryptedStorage(
        encryptionKey = getApplicationKey(),
        backupLocation = getBackupPath()
    )
}
Content copied to clipboard

See also

for configuration customization