A tiny, cross-platform, fully local, per-user encrypted-at-rest secure key/value store that only the current logged-in user can read or write.
Secure Store is the minimalist storage backend used throughout the XRUIOS to safely persist sensitive data (API endpoints, tokens, session keys, etc.) with zero external dependencies and strong filesystem-level isolation.
It was created during a need to implement cross platform variables that would be secure, not easily tamperable and able to be easily referenced (Or an alternative to EnvironmentVariableTarget.User)
Windows • Linux • macOS • 100% Offline • No Registry • No Keychain • Pure .NET 8
View on GitHub • Walker Industries • Discord • Patreon
Documentation • Examples • Design
Secure Store writes serialized JSON files into a private runtime directory that is automatically cleaned up on logout/reboot where possible:
| Platform | Storage Location | Cleanup Behavior | Protection Method |
|---|---|---|---|
| Linux | $XDG_RUNTIME_DIR (or /tmp fallback) |
Cleared on logout/restart | chmod 600 (owner-only) |
| Windows | %LocalAppData%\XRUIOS_RUNTIME |
Survives reboot, cleared on uninstall | Explicit ACL — only current user |
| macOS | /tmp |
Cleared on restart/logout | chmod 600 (owner-only) |
- Files are named
xr_<key>.dat - Data is serialized with
System.Text.Json(UTF-8, no encryption at rest yet — relies on filesystem isolation) - On Windows: inheritance is disabled and an explicit Allow rule is set for the current user SID only
- On Unix:
chmod 600is invoked via/bin/chmod; if that fails it falls back to marking the file hidden (best-effort) - Zero trust against other local users or compromised processes running as different accounts
“If another local user or malware without your exact user context can read it — it’s not secure.”
 |
 |
|---|---|
| Code by WalkerDev “Loving coding is the same as hating yourself” Discord |
Art by Kennaness “When will I get my isekai?” Bluesky • ArtStation |
| File / Class | Description |
|---|---|
Storage.cs |
The complete implementation (single file, no external dependencies) |
SecureStore (static) |
Public API — Set<T>(key, value) and Get<T>(key) |
ApplyWindowsAcl() |
Strips inheritance and grants FullControl only to the current user SID |
ApplyUnixPermissions() |
Calls /bin/chmod 600 (silent fallback to Hidden attribute if unavailable) |
Full source is deliberately <150 lines. You can audit it in 30 seconds.
Secure Store is stupid simple to use;
using Secure_Store;
// Save anything serializable
SecureStore.Set("worker_addr", "http://localhost:5050");
SecureStore.Set("last_session", new SessionData { User = "walker", Expires = DateTime.UtcNow.AddHours(8) });
// Read it back
string? addr = SecureStore.Get<string>("worker_addr");
var session = SecureStore.Get<SessionData>("last_session");
// Works with complex objects too
public record SessionData(string User, DateTime Expires);
Code: NON-AI MPL 2.0
Artwork: © Kennaness — NO AI training. NO reproduction. NO exceptions.
Unauthorized use of the artwork — including but not limited to copying, distribution, modification, or inclusion in any machine-learning training dataset — is strictly prohibited and will be prosecuted to the fullest extent of the law.