EncryptedLocalDbService
Component Detail
Description
Initialises and manages the SQLCipher encryption layer that wraps the Drift database, handling passphrase derivation from device-bound credentials and secure key storage via the platform keychain. Exposes lifecycle hooks for locking and unlocking the database on app foreground/background transitions to prevent key exposure.
encrypted-local-db-service
Sources & reasoning
Lines 300-304 describe the offline-first architecture explicitly with Drift+SQLCipher, mutation outbox, conflict resolver, and optimistic mutations - these are the precise capabilities this feature implements. Line 185 confirms Drift as the chosen technology. The blueprint assigns MVP, consistent with the source doc's framing of offline-first as a core architectural pattern, not an optional add-on, and the priority matrix placing activity registration as a MUST HAVE in Phase 1.
-
docs/source/likeperson.md · line 185Tech: Flutter, Riverpod (no codegen), Drift (offline), WCAG 2.2 AA
-
docs/source/likeperson.md · line 300-304Offline-first persistence (Drift + SQLCipher encrypted local DB, mutation outbox, sync queue with retry/backoff, ID mapping for offline-created entities, conflict resolver) - Optimistic mutations with automatic rollback on failure (contact edits and
Responsibilities
- Derive and store the database encryption key using the platform secure keychain
- Open the SQLCipher-encrypted database file with the correct passphrase on startup
- Lock the database and clear in-memory key material when the app backgrounds
- Re-authenticate and unlock the database on app foreground resume
- Provide health-check diagnostics for encryption layer status
Interfaces
initEncryptedDb(credentials: DeviceCredentials): Future<void>
lockDatabase(): void
unlockDatabase(credentials: DeviceCredentials): Future<void>
isDatabaseLocked(): bool
rotateEncryptionKey(newCredentials: DeviceCredentials): Future<void>