Next.js Discord

localStorage

Unanswered
Sloth bear posted this in #help-forum
Sloth bear OP
Good evening, I have a question. I've made an application and I'm putting in a form with sensitive customer information. Up until now, I've been storing it in localStorage but as it's client-side, I want something secure. But I don't know how to do it. Thanks for your help

25 Replies

Local storage is pretty secure in itself, unless the actual device of the user is compromised.
Northeast Congo Lion
If you want to add a layer of security inside your localStorage you can use this package
The data you'll keep inside the localStorage won't be human-readable
Sloth bear OP
Ok thank you
@Northeast Congo Lion If you want to add a layer of security inside your localStorage you can use this package
Asian black bear
This package seems pretty pointless since it's a client-side encryption that can be easily reverted since you ship the package itself to the client.
It's like locking your door but leaving the key under the doormat.
Asian black bear
It's impossible to fully secure data client-side since you still want to access it there. As such whenever you provide the functions to encrypt data client-side there must be a way to decrypt it locally.
You should figure out why you want to encrypt data and what the attack vector is.
In terms of security what are you afraid of?
Rather than just thinking you need to encrypt something.
Without factual evidence that it's necessary in the first place.
Sloth bear OP
The data are address, phone number, …
Asian black bear
That doesn't explain what you are doing with this data and why you think you need to encrypt it.
None of the forms to register an account on websites encrypts the data.
The question is why are you storing these in the local storage and what you're doing with it.
Sloth bear OP
So I use this data to call an API, Boxtal (for parcel delivery). And I need this data in different pages, so I put it in localStorage.
I put it in localStorage because it's user-friendly and it's temporary.
@Asian black bear This package seems pretty pointless since it's a client-side encryption that can be easily reverted since you ship the package itself to the client.
Northeast Congo Lion
If I may, I think this package is pretty solid IMHO, because when I read the docs you basically set a secret key that only your browser has access to and in turn can decrypt the data. Changing the browser won't work even if the malicious user can copy the data in localStorage.
Northeast Congo Lion
I agree with @Asian black bear on having a clear intent or why you want your data to be secure and that will help you with the where.
@Sloth bear For this use case I would just add it inside localStorage without thinking too much (if it's just the phone number and the address).
Or you can get user data inside/before your API call (getUserInfo) so they never reach the client-side (if you're not making API calls in client components).
Sloth bear OP
I think I will store the data in a session on the server side and retrieve it when I want to call the API. I think the problem in my app is that I am doing everything client-side instead of separating the server and client sides.
Northeast Congo Lion
Yes, that would work. For privacy, always handle it on the server. But the server should always be stateless, or you will end up having the same problem as on the client side, but the worst version of it.
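
The points the thread ends on (handle the data on the server, keep the server stateless, and do not ship the decryption key to the client) can be combined by sealing the form data into an encrypted HttpOnly cookie. This is an added example, not code from the thread or from the package mentioned in it; `sealSession`, `openSession`, `sessionCookie`, the cookie name `shipping` and the sample data are assumptions made for illustration.

```javascript
// Added example: stateless "sealed" session cookie. All names are hypothetical.
const { createCipheriv, createDecipheriv, randomBytes } = require('node:crypto');

// Assumption: in a real deployment the 32-byte key comes from a server-only
// secret (e.g. an environment variable), never from code shipped to the browser.
const KEY = randomBytes(32); // constructed for the demo

// Encrypt and authenticate the form data together with an expiry timestamp.
function sealSession(data, ttlSeconds, now = Date.now()) {
  const iv = randomBytes(12); // fresh nonce per cookie, required for GCM
  const cipher = createCipheriv('aes-256-gcm', KEY, iv);
  const body = JSON.stringify({ data, exp: now + ttlSeconds * 1000 });
  const ct = Buffer.concat([cipher.update(body, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64url');
}

// Returns the stored data, or null if the cookie is tampered, malformed or expired.
function openSession(token, now = Date.now()) {
  try {
    const raw = Buffer.from(String(token), 'base64url');
    if (raw.length < 28) return null; // 12-byte IV + 16-byte tag minimum
    const decipher = createDecipheriv('aes-256-gcm', KEY, raw.subarray(0, 12));
    decipher.setAuthTag(raw.subarray(12, 28));
    const body = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    const { data, exp } = JSON.parse(body.toString('utf8'));
    return now < exp ? data : null;
  } catch {
    return null; // authentication failure or bad JSON
  }
}

// HttpOnly keeps page scripts from reading the cookie; Secure restricts it to HTTPS.
function sessionCookie(token, ttlSeconds) {
  return `shipping=${token}; Max-Age=${ttlSeconds}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Constructed sample data, standing in for the form fields from the thread.
const sample = { address: '1 Example Street', phone: '+00 000 000 000' };
const token = sealSession(sample, 900);
console.log(sessionCookie(token, 900));
console.log(openSession(token)); // the original object, recovered server-side
```

The browser only ever holds ciphertext it cannot read or alter, and the server needs no session store: any instance holding the key can open the cookie when it is time to call the delivery API.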