TsgcWSAPIKeyManager › Properties › Storage
Controls where hashed keys and audit log are kept: in memory, in an optionally encrypted file, or in user hooks.
property Storage: TsgcAPIKeyStorage read FStorage write SetStorage;—
Selects where hashed keys and the audit log live. kstMemory keeps everything in-process and wipes on shutdown — fine for development. kstFile persists to FileName, optionally encrypted with EncryptionKey, and re-saves every AutoSaveSeconds seconds so keys survive a restart. kstCustom turns off built-in persistence so you can implement your own SaveToFile / LoadFromFile hooks (for example, to push the key store into a database). Plaintext keys are never written to disk — only their hashes plus metadata (owner, scopes, status, timestamps). Always enable EncryptAtRest in production.
// Production: encrypted file that survives restarts, auto-saved every 60s
sgcWSAPIKeyManager1.Storage.StorageType := kstFile;
sgcWSAPIKeyManager1.Storage.FileName := 'apikeys.dat';
sgcWSAPIKeyManager1.Storage.EncryptAtRest := True;
sgcWSAPIKeyManager1.Storage.EncryptionKey := 'my-very-secret-master-key';
sgcWSAPIKeyManager1.Storage.AutoSaveSeconds := 60;
sgcWSAPIKeyManager1.LoadFromFile('apikeys.dat');