secStore is simple wrapper to handle client storage mechanisms within the browser.

It is named secStore.js because not only will this plug-in assist you in transparent storage & retrieval of client data, but it will optionally provide a layer of security for said data with the use of the SJCL (Stanford Javascript Crypto Libraries).

Requirements: SJCL libraries (optional - https://github.com/bitwiseshiftleft/sjcl)

Features: HTML5 localStorage support HTML5 sessionStorage support Cookie support AES encryption support Quota support (4K for cookies and 5MB for HTML5 mechanisms)

Code Quality Rank: L4
Programming language: JavaScript
Tags: Storage     Cookies     Localstorage     Encryption    
Latest version: v1.0.8

secStore.js alternatives and similar libraries

Based on the "Storage" category

Do you think we are missing an alternative of secStore.js or a related project?

Add another 'Storage' Library


crypt.io Build Status

crypt.io implements secures browser storage with the SJCL (Stanford Javascript Crypto Libraries) crypto library.


  • passphrase: {String} User supplied passphrase
  • storage: {String} Storage engine to use; local, session or cookies


Here are a few examples of use to get you started.

Default use

Saving data...

var storage = cryptio
  , inventory = [{
      "SKU": "39-48949",
      "Price": 618,
      "Item": "Snowboard"
    }, {
      "SKU": "99-28128",
      "Price": 78.99,
      "Item": "Cleats"
    }, {
      "SKU": "83-38285",
      "Price": 3.99,
      "Item": "Hockey Puck"

storage.set('inventory', inventory, function(err, results){
  if (err) throw err;

Retrieving data...

var storage = cryptio;

storage.get('inventory', function(err, results){
  if (err) throw err;

Storage option

Want to use a different storage engine like the HTML5 sessionStorage feature?

var options = {
  storage: 'session',

Or some depreciated cookies? This is the least tested option

var options = {
  storage: 'cookies',

Extra security

While providing a transparent method of encryption for objects within the client prevents the need for user interaction, in terms of security in the event of a same-origin, dom rebinding attack coupled with a man- in-the-middle scenario or a malicious browser add-on it would be more secure to prompt the user for his/her passphrase.

Here is an example of user input for the passphrase.

var pass = window.prompt("Please enter password...", "a custom password");

var options = {
  passphrase: pass

storage.set(options, 'inventory', inventory, function(err, results){
  if (err) throw err;

storage.get(options, 'inventory', function(err, results){
  if (err) throw err;

For the paranoid

Here is a robust example of saving & retrieving data implementing a user defined password based on their input while also using key stretching techniques to further enhance the security of the key used as well as using a tempoary storage option such as sessionStorage for the current authenticated session.

Saving data (please keep in mind that a static value for the salt is not recommended)

var pass = window.prompt("Enter password to protect saved data", "");

var options = {
  passphrase: sjcl.codec.base64.fromBits(sjcl.hash.sha256.hash(sjcl.misc.pbkdf2(pass, sjcl.random.randomWords(2), 100000, 512)))

storage.set(options, 'inventory', inventory, function(err, results){
  if (err) throw err;

storage.get(options, 'inventory', function(err, results){
  if (err) throw err;


For the obligitory read regarding Javascript Encryption and the security implications please read 'NCC Group - Javascript Cryptography Considered Harmful'



Three methods are available for setup and use; using bower, cloning & manual


To setup using yarn

%> yarn add crypt.io

Bower (depreciated)

To setup using bower

%> bower install crypt.io

Clone w/ git

To setup using git

%> git clone --recursive https://github.com/jas-/crypt.io.git


Copy the crypt.io.min.js and the sjcl libraries to your web project and include them like so.

<script src="/path/to/sjcl.js"></script>
<script src="/path/to/crypt.io.min.js"></script>


Found a bug? Want a feature added? General feedback or kudos? Please open an issue so I can address it. Thanks!