Optionally you can encrypt device data so that data at rest is always encrypted and available only after users have been successfully authenticated. The Client Object API is available to encrypt the device database and to protect the encryption key. The key can be secured in a secure store and only accessible using the device PIN.