DataStore: Client Side Encryption required to pass VAPT (Vulnerability Assessment & Penetration Testing)

[wahidzzz]

Is this related to a new or existing framework?

React, Next.js

Is this related to a new or existing API?

DataStore

Is this related to another service?

No response

Describe the feature you'd like to request

We are developing an offline progressive web app with nextjs. In order to pass the Vulnerability Assessment & Penetration Testing, we are required to encrypt our localDB (IndexedDB in this case). I have not found anything in the docs that allows data encryption.

this is related thread : #2556

Describe the solution you'd like

I'd like DataStore to provide interface/layer to encrypt and decrypt any data stored within IndexedDB.

Describe alternatives you've considered

dexie-encrypted provides and middleware to encrypt local data (applyEncryptionMiddleware) : https://github.com/mark43/dexie-encrypted
dexie js encryption: applyEncryptionMiddleware(db, key, config, onKeyChange);

Additional context

No response

Is this something that you'd be interested in working on?

• 👋 I may be able to implement this feature request
• ⚠️ This feature might incur a breaking change

[david-mcafee]

@wahidzzz - as we explain here in our docs, if your app has authentication implemented, it is recommended to call DataStore.clear() on sign-in/sign-out to remove any user-specific data. This method is often important to use for shared device scenarios or where you need to purge the local on-device storage of records for security/privacy concerns. However, let me know if you still have concerns!

[david-mcafee]

Closing this issue.

@wahidzzz - please let us know if the guidance above is helpful. Thank you!