age_setup/security/
zeroize.rs

1//! Memory zeroization utilities.
2
3use crate::errors::Result;
4use zeroize::Zeroize;
5
6/// Securely overwrites a byte slice with zeros.
7///
8/// This function uses the `zeroize` crate to prevent compiler optimizations.
9/// It always returns `Ok(())`; the `Result` is kept for future extensibility.
10#[must_use = "wipe_memory should be called to ensure memory is cleared"]
11pub(crate) fn wipe_memory(data: &mut [u8]) -> Result<()> {
12    data.zeroize();
13    Ok(())
14}
15#[cfg(test)]
16mod tests {
17    use super::*;
18
19    #[test]
20    fn test_wipe_memory_zeroizes() {
21        let mut data = vec![1, 2, 3, 4];
22        let result = wipe_memory(&mut data);
23        assert!(result.is_ok());
24        assert_eq!(data, vec![0, 0, 0, 0]);
25    }
26}

age_setup/security/zeroize.rs

age_setup/security/
zeroize.rs