envseal 0.3.7

Write-only secret vault with process-level access control — post-agent secret management
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

//! Regression: decrypt() used to return Vec<u8>. Now it returns
//! Zeroizing<Vec<u8>> which scrubs memory on drop.

#[test]
fn decrypt_returns_zeroizing() {
    let dir = crate::common::vault_tempdir();
    let key = envseal::keychain::MasterKey::from_test_bytes([0x42; 32]);
    let vault = envseal::vault::Vault::open_with_key(dir.path(), key).unwrap();
    vault.store("zeroize-test", b"sensitive", false).unwrap();

    let plaintext = vault.decrypt("zeroize-test").unwrap();
    // The returned value implements Deref<Target=Vec<u8>> via Zeroizing
    assert_eq!(&plaintext[..], b"sensitive");
    // drop(plaintext) will zeroize the memory
}