Documentation
¶
Overview ¶
Package memory provides secure memory management utilities for handling sensitive data such as tokens, credentials, and other secrets.
Index ¶
- Variables
- func ZeroBytes(buf []byte)
- type SecureBuffer
- func (sb *SecureBuffer) Bytes() []byte
- func (sb *SecureBuffer) BytesCopy() []byte
- func (sb *SecureBuffer) Clear()
- func (sb *SecureBuffer) ClearFast()
- func (sb *SecureBuffer) IsCleared() bool
- func (sb *SecureBuffer) Len() int
- func (sb *SecureBuffer) Lock() error
- func (sb *SecureBuffer) String() stringdeprecated
- func (sb *SecureBuffer) Unlock() error
- func (sb *SecureBuffer) UnsafeString() string
Constants ¶
This section is empty.
Variables ¶
var ( // ErrNilReader indicates a nil reader was provided. ErrNilReader = ewrap.New("reader cannot be nil") // ErrMaxSizeInvalid indicates max size is non-positive or exceeds platform limits. ErrMaxSizeInvalid = ewrap.New("max size must be positive and fit into int") // ErrBufferTooLarge indicates the data exceeds the configured maximum size. ErrBufferTooLarge = ewrap.New("data exceeds maximum size") // ErrLockUnsupported indicates memory locking is not supported on this platform. ErrLockUnsupported = ewrap.New("memory locking is not supported") )
Functions ¶
Types ¶
type SecureBuffer ¶
type SecureBuffer struct {
// contains filtered or unexported fields
}
SecureBuffer represents a secure memory buffer for storing sensitive data. It provides automatic cleanup and protection against memory dumps.
func NewSecureBuffer ¶
func NewSecureBuffer(data []byte) *SecureBuffer
NewSecureBuffer creates a new secure buffer with the given data. The data is copied into the buffer to ensure isolation.
func NewSecureBufferFromReader ¶
func NewSecureBufferFromReader(reader io.Reader, maxBytes int64) (*SecureBuffer, error)
NewSecureBufferFromReader reads up to maxBytes from reader into a SecureBuffer. maxBytes must be positive and fit into the platform int size.
func (*SecureBuffer) Bytes ¶
func (sb *SecureBuffer) Bytes() []byte
Bytes returns a copy of the buffer's data. The returned slice is safe to use and modify.
func (*SecureBuffer) BytesCopy ¶
func (sb *SecureBuffer) BytesCopy() []byte
BytesCopy returns a copy of the buffer's data. The returned slice is safe to use and modify.
func (*SecureBuffer) Clear ¶
func (sb *SecureBuffer) Clear()
Clear securely wipes the buffer's memory by overwriting it with random data and then zeroing it out. After calling Clear(), the buffer should not be used.
func (*SecureBuffer) ClearFast ¶
func (sb *SecureBuffer) ClearFast()
ClearFast wipes the buffer's memory by zeroing it out only. This skips the random overwrite for speed.
func (*SecureBuffer) IsCleared ¶
func (sb *SecureBuffer) IsCleared() bool
IsCleared returns true if the buffer has been cleared.
func (*SecureBuffer) Lock ¶ added in v1.0.12
func (sb *SecureBuffer) Lock() error
Lock attempts to prevent the buffer from being swapped to disk. It is best-effort and may return ErrLockUnsupported on some platforms.
func (*SecureBuffer) String
deprecated
func (sb *SecureBuffer) String() string
Deprecated: String returns a string copy that cannot be zeroized. Prefer BytesCopy for sensitive data.
func (*SecureBuffer) Unlock ¶ added in v1.0.12
func (sb *SecureBuffer) Unlock() error
Unlock releases a previously locked buffer. It is best-effort and may return ErrLockUnsupported on some platforms.
func (*SecureBuffer) UnsafeString ¶
func (sb *SecureBuffer) UnsafeString() string
UnsafeString returns the buffer's data as a string copy. The resulting string cannot be zeroized and may persist in memory.
Source Files