secure-types

Crates.iosecure-types
lib.rssecure-types
version0.2.0
created_at2025-07-15 12:08:36.89401+00
updated_at2025-09-06 10:14:59.041504+00
descriptionSecure data types that protect sensitive data in memory via locking, encryption, and zeroization.
homepage
repositoryhttps://github.com/greekfetacheese/secure-types
max_upload_size
id1753182
size92,041
Michalis Molfetas (greekfetacheese)

documentation

README

Secure Types

The goal of this crate is to provide a simple way to handle sensitive data in memory (eg. passwords, private keys, etc).

Currently there are 3 types:

  • SecureString: For working with strings.
  • SecureVec: For working with Vec<T>.
  • SecureArray: For working with &[T; LENGTH].

Features

  • Zeroization on Drop: Memory is wiped when dropped.
  • Memory Locking: (std-only) On Linux/Windows the memory is locked to prevent memory swapping or unauthorized access, On Linux it uses mlock and on Windows VirtualLock & VirtualProtect along with in-memory encryption using CryptProtectMemory.
  • Safe Scoped Access: Direct access on these types is not possible, data is protected by default and only accessible within safe blocks.
  • no_std Support: For embedded and Web environments (with zeroization only).
  • Serde Support: Optional serialization/deserialization.

Usage

SecureString

use secure_types::SecureString;

 // Create a SecureString
let mut secret = SecureString::from("my_super_secret");

// The memory is locked here

// Safely append more data.
secret.push_str("_password");

// The memory is locked here.

// Use a scope to safely access the content as a &str.
secret.unlock_str(|exposed_str| {
     assert_eq!(exposed_str, "my_super_secret_password");
 });

 // When `secret` is dropped, its data zeroized.

SecureVec

use secure_types::SecureVec;

// Create a new, empty secure vector.
let mut secret_key: SecureVec<u8> = SecureVec::new().unwrap();

// Push some sensitive data into it.
secret_key.push(0);
secret_key.push(1);
secret_key.push(2);

// The memory is locked here.

// Use a scope to safely access the contents as a slice.
secret_key.unlock_slice(|unlocked_slice| {
     assert_eq!(unlocked_slice, &[0, 1, 2]);
 });

SecureArray

use secure_types::SecureArray;

let exposed_array: &mut [u8; 3] = &mut [1, 2, 3];
let mut secure_array = SecureArray::from_slice_mut(exposed_array).unwrap();


secure_array.unlock_mut(|unlocked_slice| {
    assert_eq!(unlocked_slice, &[1, 2, 3]);
});

See also the examples.

Feature Flags

  • std (default): Enables all OS-level security features.

  • no_std: For no_std environments. Only provides the Zeroize on Drop.

  • serde: Enables serialization/deserialization.

Credits

Commit count: 40

cargo fmt