security: ensure secret types are zeroed on drop #45

Description

@dobby-coder

PR #14 adds an opt-in zeroize feature that derives Zeroize on secret types. However, because all secret structs are Copy, ZeroizeOnDrop cannot be derived — callers must manually invoke .zeroize(). This means memory containing secret key material is not automatically cleared when values go out of scope.

The gap: SharedSecret, SecretKey, and UserSecretKey types across all schemes should ideally be !Copy so that ZeroizeOnDrop can be derived, ensuring secret material is erased automatically. This is a breaking API change and a maintainer decision, but the current state leaves secret zeroing entirely to the caller's discipline.

Related: PR #14 (feat: optional zeroize feature for secret types).
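The two shapes the issue contrasts, as an added example that is not code from this repository or from PR #14 and does not use the `zeroize` crate: `zeroize_bytes` below reimplements the crate's core idea (volatile writes followed by a compiler fence so the optimizer cannot drop the stores as dead), `CopySecretKey` models the current `Copy` types, and `OwnedSecretKey` models the proposed `!Copy` form. The type and method names (`CopySecretKey`, `OwnedSecretKey`, `expose`, `bytes_after_drop`) are assumptions chosen for the illustration; the key values are constructed test data.

```rust
use std::mem::ManuallyDrop;
use std::ptr;
use std::sync::atomic::{compiler_fence, Ordering};

/// Overwrite a byte slice with zeros in a way the optimizer cannot elide.
/// This mirrors the approach of the `zeroize` crate (volatile stores plus a
/// compiler fence); it is an added illustration, not the project's own code.
pub fn zeroize_bytes(buf: &mut [u8]) {
    for b in buf.iter_mut() {
        // SAFETY: `b` is a valid, exclusively borrowed u8.
        unsafe { ptr::write_volatile(b, 0) };
    }
    compiler_fence(Ordering::SeqCst);
}

/// Current shape (hypothetical name): the secret is `Copy`, so an
/// `impl Drop` is rejected by the compiler (E0184: Copy and Drop cannot be
/// implemented for the same type), and every by-value use is a bitwise
/// duplicate that nobody zeroes.
#[derive(Clone, Copy)]
pub struct CopySecretKey {
    pub bytes: [u8; 32],
}

impl CopySecretKey {
    /// Caller-driven zeroing, the only option for a `Copy` type.
    pub fn zeroize(&mut self) {
        zeroize_bytes(&mut self.bytes);
    }
}

/// Proposed shape (hypothetical name): `!Copy`, so the destructor can wipe
/// the key automatically when the value goes out of scope.
pub struct OwnedSecretKey {
    bytes: [u8; 32],
}

impl OwnedSecretKey {
    pub fn new(bytes: [u8; 32]) -> Self {
        Self { bytes }
    }

    /// Borrow the key material; callers get a reference, never a copy.
    pub fn expose(&self) -> &[u8; 32] {
        &self.bytes
    }
}

impl Drop for OwnedSecretKey {
    fn drop(&mut self) {
        zeroize_bytes(&mut self.bytes);
    }
}

/// Test helper: run the destructor in place and read the slot back.
/// `[u8; 32]` is valid for every bit pattern and our `Drop` only writes
/// zeros, so inspecting the storage afterwards is sound. Test-only pattern.
pub fn bytes_after_drop(key: OwnedSecretKey) -> [u8; 32] {
    let mut slot = ManuallyDrop::new(key);
    let p: *const [u8; 32] = &slot.bytes;
    // SAFETY: `drop` is called exactly once; `p` still points at live stack
    // memory holding a valid `[u8; 32]` after the destructor has run.
    unsafe {
        ManuallyDrop::drop(&mut slot);
        ptr::read_volatile(p)
    }
}

/// Shows the `Copy` hazard: assigning a `Copy` secret is a copy, not a
/// move, so zeroizing the original leaves the duplicate intact.
pub fn copy_leaks_after_manual_zeroize(bytes: [u8; 32]) -> ([u8; 32], [u8; 32]) {
    let mut original = CopySecretKey { bytes };
    let duplicate = original; // bitwise copy; `original` stays usable
    original.zeroize();
    (original.bytes, duplicate.bytes)
}

fn main() {
    let (orig, dup) = copy_leaks_after_manual_zeroize([0xCD; 32]);
    println!(
        "Copy type: original zeroed = {}, duplicate still holds key = {}",
        orig == [0u8; 32],
        dup == [0xCD; 32]
    );
    let after = bytes_after_drop(OwnedSecretKey::new([0xAB; 32]));
    println!("!Copy type: bytes zeroed after drop = {}", after == [0u8; 32]);
}
```

The caveat a reviewer would raise alongside the change: a `Drop` impl only clears the storage the value is dropped from. Rust may still move a `!Copy` value by copying it (for example when returning it from a function or passing it by value), and the stale source bytes are not covered by the destructor, so the `!Copy` change removes the caller-discipline problem but does not by itself guarantee a single copy of the key ever existed in memory. Pinning or boxing the secret at creation and handing out references, as `expose` does, limits those moves.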

Metadata

Assignees: No one assigned

Labels: security (Security-related issue: vulnerability, hardening, or risk)

    Development

    No branches or pull requests