Dependency-free secret memory sanitization for no_std Rust.
Default builds contain no unsafe code. The primary type is SecretBytes,
a fixed-size clear-on-drop container designed for secrets that are controlled
from creation through destruction.
The optional unsafe-wipe feature exposes [unsafe_wipe], an explicit
volatile-write backend for ordinary mutable buffers. It is not enabled by
default and is not wired into SecureSanitize implicitly; call sites must
opt in by module and function name.
Important limits:
- Safe Rust cannot perform volatile writes to an arbitrary &mut [u8], so a clearing loop is only best effort: the compiler may treat the final stores as dead and drop them.
- Safe Rust cannot soundly scrub old stack frames: every move of a secret leaves a copy in the previous location that the type can no longer reach, so sanitization on drop only covers the last copy.
- Cache flush instructions, SIMD stores, memory locking, and inline assembly require target-specific unsafe code and a platform policy; none of that is provided by the default build.
Macros
- secure_drop_struct - Declare a struct and generate SecureSanitize plus Drop.
- secure_sanitize_struct - Declare a struct and generate SecureSanitize for all fields.
Structs
- LengthError - Error returned when a caller provides a buffer with the wrong length.
- Secret - Clear-on-drop wrapper for non-byte secret types.
- SecretBytes - Fixed-size secret byte storage with automatic sanitization on drop.
Traits
- SecureSanitize - Shared trait for values that can clear their own sensitive contents.
Functions
- sanitize_bytes_best_effort - Best-effort clearing for ordinary mutable byte slices.