# Android integration
Use the Android Keystore (or Play Integrity backed solutions) in native code to generate or unwrap a 32-byte master key. Pass that key into the Rust layer through `ForeignKeyProvider`. The Rust crate does not display UI or request permissions.
Suggested flow:
1. Native layer obtains or creates a symmetric key in the Android Keystore.
2. Application derives a 32-byte value (or unwraps an exported key) and passes it to Rust.
3. Rust constructs `ForeignKeyProvider` with the bytes and opens `EncryptedStore`.
No key material is persisted by enigma-storage in this mode. Rotate keys by providing a new value and re-encrypting data as needed.