Encrypted Persistence
Fasq Security provides a specialized persistence layer that ensures your cached data remains encrypted even when the application is closed.
Drift Persistence
The security package includes a DriftPersistenceProvider built on the powerful Drift (formerly Moor) library. It uses a high-performance SQL database (SQLite) for storing query snapshots.
Features
- AES-at-Rest: Every byte written to the disk is encrypted.
- Schema Safety: Fully typed database schema.
- Atomic Updates: Ensures cache consistency even if the app crashes during a write.
- Query Key Support: Efficiently indexes and retrieves data using Fasq’s complex query keys.
To enable encrypted persistence, you need to configure the persistenceOptions of your QueryClient using the DriftPersistenceProvider.

import 'package:flutter/material.dart';
import 'package:fasq/fasq.dart';
import 'package:fasq_security/fasq_security.dart';

void main() async {
  // Required before using platform plugins (such as secure storage) ahead of runApp
  WidgetsFlutterBinding.ensureInitialized();

  // 1. Initialize security plugin
  final security = DefaultSecurityPlugin();
  await security.initialize();

  // 2. Configure persistence
  final persistence = DriftPersistenceProvider(
    // The security plugin provides the encryption key for the DB
    encryptionKey: security.getDatabaseKey(),
  );

  final client = QueryClient(
    securityPlugin: security,
    persistenceOptions: PersistenceOptions(
      provider: persistence,
    ),
  );

  runApp(QueryClientProvider(client: client, child: MyApp()));
}

How It Works
- Key Exchange: When the app starts, the SecurityPlugin retrieves the database master key from the platform’s secure storage.
- Transparent Encryption: As Fasq core attempts to persist a query result, the DriftPersistenceProvider encrypts the payload before it hits the SQLite file.
- Background Writes: Database operations are performed asynchronously to ensure they don’t block the UI.
Performance Tuning
For applications with very large datasets, you can tune the persistence behavior:

PersistenceOptions(
  provider: persistence,
  // Only persist data if it's been in the cache for at least 1 minute
  minPersistenceAge: Duration(minutes: 1),
  // Ignore small updates to reduce disk I/O
  onPersist: (snapshot) => snapshot.dataSize > 1024,
)

Security Considerations
- Database File: The database file is stored in your app’s local documents directory but remains unreadable without the hardware-protected key.
- Backup: Encrypted databases are typically excluded from cloud backups (auto-backup) by default for security, though this can be configured.
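
One way to check the "unreadable at rest" claim on a copy of the database taken from a test device or emulator. This is an added example, not code from the Fasq project: the file names, the canary string and the function names are assumptions, and the demo runs on constructed files rather than a real Fasq database.

```python
import os
import tempfile

SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of an unencrypted SQLite file
SIDECARS = ("", "-wal", "-journal")    # main file plus SQLite's write-ahead log / rollback journal


def audit_db_at_rest(db_path, canary):
    """Return a list of findings; an empty list means no plaintext was seen."""
    findings = []
    needles = [canary.encode("utf-8"), canary.encode("utf-16-le")]
    for suffix in SIDECARS:
        path = db_path + suffix
        if not os.path.exists(path):
            continue
        with open(path, "rb") as fh:
            data = fh.read()
        if suffix == "" and data.startswith(SQLITE_MAGIC):
            findings.append(f"{path}: plaintext SQLite header (file-level encryption is not in effect)")
        if any(n in data for n in needles):
            findings.append(f"{path}: canary found in cleartext")
    return findings


def demo():
    """Build two constructed files and audit them: one plaintext, one opaque."""
    canary = "FASQ-CANARY-7f3a"  # constructed marker you would cache through the app
    tmp = tempfile.mkdtemp()
    plain = os.path.join(tmp, "plain.db")  # hypothetical file name
    with open(plain, "wb") as fh:
        fh.write(SQLITE_MAGIC + b"\x00" * 84 + b'{"token":"' + canary.encode() + b'"}')
    with open(plain + "-wal", "wb") as fh:
        fh.write(b"\x37\x7f\x06\x82" + canary.encode())
    opaque = os.path.join(tmp, "opaque.db")  # stands in for an encrypted file
    with open(opaque, "wb") as fh:
        fh.write(os.urandom(4096))
    return audit_db_at_rest(plain, canary), audit_db_at_rest(opaque, canary)


if __name__ == "__main__":
    for result in demo():
        print(result or "no plaintext found")
```

An empty result on the real file shows only that the SQLite header and the canary are not stored in clear; it says nothing about the cipher or key handling. Run it after the app has persisted a query result containing the canary, and include the sidecar files in the copy.
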
Next Steps
- Security Overview - Return to the overview.
- Caching Strategy - How persistence interacts with cache timing.