pub fn wipe_memory(data: &mut [u8])Expand description
Overwrites a byte buffer with zeros, preventing sensitive data from lingering in memory.
This is a thin wrapper around the Zeroize trait from the zeroize crate.
It guarantees that the memory will be cleared even if the compiler would
otherwise optimize away a simple assignment (e.g., a memset call that appears
dead).
§Why is this important?
When secret keys, passwords, or other sensitive data are no longer needed, they should be explicitly erased from memory. Otherwise, they might remain in freed memory pages, swap space, or core dumps, where they could be recovered by an attacker.
§Example
use age_setup::security::wipe_memory;
let mut secret = vec![0x41, 0x42, 0x43]; // "ABC"
wipe_memory(&mut secret);
assert_eq!(secret, vec![0, 0, 0]);§How it works
The zeroize crate implements the Zeroize trait for u8 slices. When
called, it writes zeros to every element, using a volatile write to prevent
the compiler from optimizing the operation away. After this function returns,
the original data is irreversibly gone from that mutable slice.
§Safety
This function is memory‑safe. It operates on a mutable reference and does not read or write beyond the bounds of the slice. It never panics.