Alternative to the Ionic Identity Vault Plugin¶
Looking for a way to protect sensitive data and authenticate users in your Capacitor app? With Ionic discontinuing their commercial Identity Vault plugin, developers need reliable alternatives for biometric authentication (Face ID, fingerprint) and secure session management. The Capacitor Biometrics plugin and Capacitor Secure Preferences plugin from Capawesome provide a modern alternative that covers the core functionality of Identity Vault.
For a complete walkthrough on the Biometrcis plugin make sure to read Exploring the Capacitor Biometrics API.
Introduction¶
Ionic Identity Vault combined biometric authentication, encrypted storage, and session management into a single plugin. It allowed developers to store tokens and credentials securely, lock and unlock a vault using Face ID or fingerprint, and automatically clear sensitive data after inactivity. Following Ionic's decision to phase out their commercial products, developers need to find a replacement.
The good news is that you can replicate the key features of Identity Vault by combining the Biometrics plugin and Secure Preferences plugin from Capawesome. Together, they cover biometric authentication, encrypted key-value storage, and can be used to build session management logic tailored to your app.
Feature Comparison¶
Here's a side-by-side look at how Identity Vault features map to the Capawesome plugins:
| Feature | Identity Vault | Capawesome |
|---|---|---|
| Biometric authentication | Vault.unlock() |
Biometrics.authenticate(...) |
| Store values | Vault.setValue(...) |
SecurePreferences.set(...) |
| Retrieve values | Vault.getValue(...) |
SecurePreferences.get(...) |
| Remove values | Vault.removeValue(...) |
SecurePreferences.remove(...) |
| List keys | Vault.getKeys() |
SecurePreferences.keys() |
| Clear all data | Vault.clear() |
SecurePreferences.clear() |
| Check biometric availability | Device API | Biometrics.isAvailable() |
| Check biometric enrollment | Device API | Biometrics.isEnrolled() |
| Device credential fallback | Vault config | authenticate(...) with allowDeviceCredential option |
| Auto-lock on timeout | Built-in | Application logic |
| Custom passcode | Built-in vault type | Application logic |
| Lock/unlock events | onLock / onUnlock |
Application logic |
While Identity Vault bundles everything into a single class, the Capawesome approach gives you more flexibility by separating biometric authentication from storage. This makes it easier to use each feature independently and adapt the behavior to your specific needs.
AI-Assisted Migration
For a more guided experience, add the Capawesome skills to your project with npx skills add capawesome-team/skills --skill ionic-enterprise-sdk-migration and use the following prompt with your preferred AI coding assistant:
Migration from Identity Vault¶
Migrating from Identity Vault involves replacing vault operations with the corresponding Capawesome plugin methods. The following sections walk you through the most common scenarios.
Installation¶
Begin by removing the existing Identity Vault dependency and installing the Capawesome alternatives. To install the Biometrics plugin, please refer to the Installation section in the plugin documentation. To install the Secure Preferences plugin, please refer to the Installation section in the plugin documentation.
Biometric Authentication¶
Identity Vault uses Vault.unlock() to trigger biometric authentication. With Capawesome, you use the Biometrics plugin's authenticate(...) method directly.
Identity Vault:
import { Vault, DeviceSecurityType, VaultType } from '@ionic-enterprise/identity-vault';
const vault = new Vault({
key: 'com.example.vault',
type: VaultType.DeviceSecurity,
deviceSecurityType: DeviceSecurityType.Both,
lockAfterBackgrounded: 2000,
});
const unlock = async () => {
await vault.unlock();
};
Capawesome Biometrics:
import { Biometrics } from '@capawesome-team/capacitor-biometrics';
const authenticate = async () => {
await Biometrics.authenticate({
title: 'Authenticate',
subtitle: 'Verify your identity to continue',
allowDeviceCredential: true,
});
};
The authenticate(...) method supports customizable prompts via title, subtitle, and cancelButtonText options. Setting allowDeviceCredential to true lets users fall back to their device PIN or password if biometrics are unavailable. If authentication fails, you can handle the error and decide whether to keep the session locked or clear sensitive data.
Storing Values¶
Identity Vault's setValue(...) stores data inside the encrypted vault. With Capawesome, you use the Secure Preferences plugin, which encrypts data using the platform's native secure storage (Android Keystore with AES-256 encryption on Android, Keychain on iOS).
Identity Vault:
import { Vault } from '@ionic-enterprise/identity-vault';
const storeToken = async (vault: Vault) => {
await vault.setValue('session_token', 'eyJhbGciOiJIUzI1NiIs...');
};
Capawesome Secure Preferences:
import { SecurePreferences } from '@capawesome-team/capacitor-secure-preferences';
const storeToken = async () => {
await SecurePreferences.set({
key: 'session_token',
value: 'eyJhbGciOiJIUzI1NiIs...',
});
};
Retrieving Values¶
Identity Vault:
import { Vault } from '@ionic-enterprise/identity-vault';
const getToken = async (vault: Vault) => {
const token = await vault.getValue('session_token');
return token;
};
Capawesome Secure Preferences:
import { SecurePreferences } from '@capawesome-team/capacitor-secure-preferences';
const getToken = async () => {
const { value } = await SecurePreferences.get({ key: 'session_token' });
return value;
};
Removing Values¶
Identity Vault:
import { Vault } from '@ionic-enterprise/identity-vault';
const removeToken = async (vault: Vault) => {
await vault.removeValue('session_token');
};
Capawesome Secure Preferences:
import { SecurePreferences } from '@capawesome-team/capacitor-secure-preferences';
const removeToken = async () => {
await SecurePreferences.remove({ key: 'session_token' });
};
Clearing All Data¶
Identity Vault:
import { Vault } from '@ionic-enterprise/identity-vault';
const clearVault = async (vault: Vault) => {
await vault.clear();
};
Capawesome Secure Preferences:
import { SecurePreferences } from '@capawesome-team/capacitor-secure-preferences';
const clearAll = async () => {
await SecurePreferences.clear();
};
Session Management¶
One of Identity Vault's built-in features is automatic session locking after a period of inactivity or when the app goes to the background. With Capawesome, you can build the same behavior using Capacitor's App plugin combined with the Biometrics and Secure Preferences plugins.
Here's an example of how to implement auto-lock when the app is backgrounded:
import { App } from '@capacitor/app';
import { Biometrics } from '@capawesome-team/capacitor-biometrics';
import { SecurePreferences } from '@capawesome-team/capacitor-secure-preferences';
let locked = false;
App.addListener('appStateChange', async ({ isActive }) => {
if (!isActive) {
locked = true;
}
if (isActive && locked) {
try {
await Biometrics.authenticate({
title: 'Welcome back',
subtitle: 'Authenticate to unlock',
allowDeviceCredential: true,
});
locked = false;
} catch (error) {
// Authentication failed - keep locked or sign out
}
}
});
This gives you full control over when and how to lock the session, including custom timeout logic or clearing stored data on failed authentication.
Need Help Migrating?¶
If you'd rather not handle the migration yourself, the Capawesome team can take care of it for you. Whether you're dealing with a straightforward swap or a more complex setup with custom session management, we offer dedicated migration services to get you up and running with minimal downtime and effort on your end.
Conclusion¶
The discontinuation of Ionic Identity Vault doesn't have to disrupt your workflow. The Capacitor Biometrics plugin and Secure Preferences plugin provide a solid alternative for biometric authentication, encrypted storage, and session management. For the full plugin documentation, see the API Reference.
Related reading:
- Exploring the Capacitor Biometrics API
- How to Securely Store Credentials with Capacitor
- Announcing the Capacitor Biometrics Plugin
Stay updated:
To stay updated with the latest updates, features, and news about Capawesome, Capacitor, and the Ionic ecosystem subscribe to our Capawesome newsletter.
Need help migrating from Identity Vault? Contact us to get started.