which table is appropriate to store?

That is the wrong question, it implies that you're not using the API at all.

Elgg is based on entities and metadata: http://learn.elgg.org/en/1.10/guides/database.html

This question has multiple answers depending on what you are using it for.  It could be saved as metadata, an annotation, plugin setting, etc.  Likely there are multiple ways that will work, but one may be more appropriate for your use case.

thanks for answer Matt,I read the documentation.

I want to use this secret as second password.I create QRcode from this secret,when scan this qrcode by google authenticator software in your mobile,the software return you 6-digit code.this is my purpose that user enter  6-digit code when she/he want to login.(In addition to the username and password,like two step verification in gmail accounts)this settings is in edit profile page for each user and when user create new secret and logout(also when refresh the page)lose the secret.so the secret should be saved in database.

if you want to see my plugin go: https://github.com/parpar-d/elgg

it's not complete yet but you can see codes.Have another suggestion?

I think the best way to store your secret per user is a user plugin setting http://learn.elgg.org/en/1.10/guides/settings.html#user-settings

thanks Jerome

I move settings in configure tools page,I have one textbox and two buttons,when click one of them,the textbox filled with secret,another button shows QrCode.but how to use params[] to save this secret in textbox?

I also see signature plugin that user inter somethings in longtext input.but in this case textbox is filled automatically with calling php function and has return value as secret.

thanks

Not quite sure what you're looking for...

elgg_set_user_plugin_setting('setting_name', $value, $user->guid, 'myplugin');