memsafe

A cross-platform Rust library for securely wrapping data in memory.

memsafe locks sensitive data in memory, restricts access, and ensures secure cleanup—built from the ground up with simplicity and security in mind.

Usage

use memsafe::MemSafe;
let mut secret = MemSafe::new(String::from("secret")).unwrap();
secret.push_str(" data");
println!("Secure data: {}", secret);

Memory Locking: Prevents swapping to disk using mlock (Unix) or VirtualLock (Windows).
Access Restriction: Defaults to no-access mode, with temporary read/write windows.
Secure Cleanup: Zeroes memory on drop.
Cross-Platform: Supports Unix (via libc) and Windows (via winapi) with optional dependencies.

Add to your Cargo.toml:

[dependencies]
memsafe = "0.1.0"

For Windows support only:

[dependencies]
memsafe = { version = "0.1.0", default-features = false, features = ["windows"] }

The journey to create memsafe involved several key steps:

Secure Memory Wrapper: Developed a Rust struct (MemSafe) using mprotect, mlock, and madvise on Unix, and VirtualProtect, VirtualLock on Windows, ensuring data stays locked and inaccessible by default.
Naming the Crate: Brainstormed names like MemVault, LockMem, and settled on memsafe for its simplicity and clarity.
Cross-Platform Support: Made libc and winapi optional dependencies with unix and windows features, defaulting to Unix for broad compatibility.
Licensing: Chose the MIT License to require attribution (Copyright (c) 2025 Pouyan) while keeping it permissive.
SSH Configuration: Set up an SSH config using pouyan.key for GitHub (github.com/po0uyan/memsafe), with a catch-all for other connections.
Publishing: Created the crate, initialized a Git repo, and published to crates.io with a streamlined workflow.

See the full story in the GitHub repository.

Licensed under the MIT License. See LICENSE for details.