(Not applicable to Hybrid Workflow Container) Developers should use a data vault with device applications to securely store “secrets” on the device. Data vaults are added using the DataVault API.
The data vault holds sensitive artifacts securely, because all data or artifacts in the data vault is strongly encrypted with an AES-256 bit key. Contents can include encryption keys, user and application login credentials, sync profile settings, certificates (as BLOBS).
The data vault requires a password to unlock and access the data from the application. Therefore, a device application must prompt the user to enter this password when the application is opened. Once unlocked, the application can retrieve any other secrets from the vault as needed, all without prompting the user.
Administrators can define a password policy through Sybase Control Center that defines the requirements for an acceptable password. The password policy is stored in the server-side settings database and the client gets those settings when it connects to Unwired Server as part of the settings exchange protocol.
When the client receives the password policy settings, it can populate the settings objects to the data vault. The datavault stores the settings. The client uses the DataVault API to create a vault with a defaut password, set the password policy, and change the password to a password compatible with the policy. If the password is not changed after setting a passwport policy, the application will throw an exception if you then try to access the application or unlock the vault with an incompatible password.
For more details about the data vault, see DataVault in the developer guide for your application type.