Alternative to the Ionic Identity Vault Plugin¶
Looking for a way to protect sensitive data and authenticate users in your Capacitor app? With Ionic discontinuing their commercial Identity Vault plugin, developers need reliable alternatives for biometric authentication and secure session management. The Biometrics plugin and Secure Preferences plugin from Capawesome provide a modern, open alternative that covers the core functionality of Identity Vault.
Introduction¶
Ionic Identity Vault combined biometric authentication, encrypted storage, and session management into a single plugin. It allowed developers to store tokens and credentials securely, lock and unlock a vault using Face ID or fingerprint, and automatically clear sensitive data after inactivity. Following Ionic's decision to phase out their commercial products, developers need to find a replacement.
The good news is that you can replicate the key features of Identity Vault by combining the Biometrics plugin and Secure Preferences plugin from Capawesome. Together, they cover biometric authentication, encrypted key-value storage, and can be used to build session management logic tailored to your app.
Feature Comparison¶
Here's a side-by-side look at how Identity Vault features map to the Capawesome plugins:
| Feature | Identity Vault | Capawesome |
|---|---|---|
| Biometric authentication | Vault.unlock() |
Biometrics.authenticate(...) |
| Store values | Vault.setValue(...) |
SecurePreferences.set(...) |
| Retrieve values | Vault.getValue(...) |
SecurePreferences.get(...) |
| Remove values | Vault.removeValue(...) |
SecurePreferences.remove(...) |
| List keys | Vault.getKeys() |
SecurePreferences.keys() |
| Clear all data | Vault.clear() |
SecurePreferences.clear() |
| Check biometric availability | Device API | Biometrics.isAvailable() |
| Check biometric enrollment | Device API | Biometrics.isEnrolled() |
| Device credential fallback | Vault config | authenticate(...) with allowDeviceCredential option |
| Auto-lock on timeout | Built-in | Application logic |
| Custom passcode | Built-in vault type | Application logic |
| Lock/unlock events | onLock / onUnlock |
Application logic |
While Identity Vault bundles everything into a single class, the Capawesome approach gives you more flexibility by separating biometric authentication from storage. This makes it easier to use each feature independently and adapt the behavior to your specific needs.
Migration from Identity Vault¶
Migrating from Identity Vault involves replacing vault operations with the corresponding Capawesome plugin methods. The following sections walk you through the most common scenarios.
Installation¶
Begin by removing the existing Identity Vault dependency and installing the Capawesome alternatives. To install the Biometrics plugin, please refer to the Installation section in the plugin documentation. To install the Secure Preferences plugin, please refer to the Installation section in the plugin documentation.
Biometric Authentication¶
Identity Vault uses Vault.unlock() to trigger biometric authentication. With Capawesome, you use the Biometrics plugin's authenticate(...) method directly.
Identity Vault:
import { Vault, DeviceSecurityType, VaultType } from '@ionic-enterprise/identity-vault';
const vault = new Vault({
key: 'com.example.vault',
type: VaultType.DeviceSecurity,
deviceSecurityType: DeviceSecurityType.Both,
lockAfterBackgrounded: 2000,
});
const unlock = async () => {
await vault.unlock();
};
Capawesome Biometrics:
import { Biometrics } from '@capawesome-team/capacitor-biometrics';
const authenticate = async () => {
await Biometrics.authenticate({
title: 'Authenticate',
subtitle: 'Verify your identity to continue',
allowDeviceCredential: true,
});
};
The authenticate(...) method supports customizable prompts via title, subtitle, and cancelButtonText options. Setting allowDeviceCredential to true lets users fall back to their device PIN or password if biometrics are unavailable. If authentication fails, you can handle the error and decide whether to keep the session locked or clear sensitive data.
Storing Values¶
Identity Vault's setValue(...) stores data inside the encrypted vault. With Capawesome, you use the Secure Preferences plugin, which encrypts data using the platform's native secure storage (Android Keystore with AES-256 encryption on Android, Keychain on iOS).
Identity Vault:
import { Vault } from '@ionic-enterprise/identity-vault';
const storeToken = async (vault: Vault) => {
await vault.setValue('session_token', 'eyJhbGciOiJIUzI1NiIs...');
};
Capawesome Secure Preferences:
import { SecurePreferences } from '@capawesome-team/capacitor-secure-preferences';
const storeToken = async () => {
await SecurePreferences.set({
key: 'session_token',
value: 'eyJhbGciOiJIUzI1NiIs...',
});
};
Retrieving Values¶
Identity Vault:
import { Vault } from '@ionic-enterprise/identity-vault';
const getToken = async (vault: Vault) => {
const token = await vault.getValue('session_token');
return token;
};
Capawesome Secure Preferences:
import { SecurePreferences } from '@capawesome-team/capacitor-secure-preferences';
const getToken = async () => {
const { value } = await SecurePreferences.get({ key: 'session_token' });
return value;
};
Removing Values¶
Identity Vault:
import { Vault } from '@ionic-enterprise/identity-vault';
const removeToken = async (vault: Vault) => {
await vault.removeValue('session_token');
};
Capawesome Secure Preferences:
import { SecurePreferences } from '@capawesome-team/capacitor-secure-preferences';
const removeToken = async () => {
await SecurePreferences.remove({ key: 'session_token' });
};
Clearing All Data¶
Identity Vault:
import { Vault } from '@ionic-enterprise/identity-vault';
const clearVault = async (vault: Vault) => {
await vault.clear();
};
Capawesome Secure Preferences:
import { SecurePreferences } from '@capawesome-team/capacitor-secure-preferences';
const clearAll = async () => {
await SecurePreferences.clear();
};
Session Management¶
One of Identity Vault's built-in features is automatic session locking after a period of inactivity or when the app goes to the background. With Capawesome, you can build the same behavior using Capacitor's App plugin combined with the Biometrics and Secure Preferences plugins.
Here's an example of how to implement auto-lock when the app is backgrounded:
import { App } from '@capacitor/app';
import { Biometrics } from '@capawesome-team/capacitor-biometrics';
import { SecurePreferences } from '@capawesome-team/capacitor-secure-preferences';
let locked = false;
App.addListener('appStateChange', async ({ isActive }) => {
if (!isActive) {
locked = true;
}
if (isActive && locked) {
try {
await Biometrics.authenticate({
title: 'Welcome back',
subtitle: 'Authenticate to unlock',
allowDeviceCredential: true,
});
locked = false;
} catch (error) {
// Authentication failed - keep locked or sign out
}
}
});
This gives you full control over when and how to lock the session, including custom timeout logic or clearing stored data on failed authentication.
Need Help Migrating?¶
If you'd rather not handle the migration yourself, the Capawesome team can take care of it for you. Whether you're dealing with a straightforward swap or a more complex setup with custom session management, we offer dedicated migration services to get you up and running with minimal downtime and effort on your end.
Conclusion¶
The discontinuation of Ionic Identity Vault doesn't have to disrupt your development workflow. The Biometrics plugin and Secure Preferences plugin from Capawesome provide a solid alternative that covers biometric authentication, encrypted storage, and session management. By separating these concerns into dedicated plugins, you get more flexibility and control over how security works in your app.
To stay updated with the latest updates, features, and news about Capawesome, Capacitor, and the Ionic ecosystem, subscribe to the Capawesome newsletter and follow us on X (formerly Twitter).
If you need assistance with migrating from Ionic Identity Vault or implementing the Biometrics or Secure Preferences plugins, the Capawesome team is available to help you transition smoothly. Just contact us to get started.