Zecrecy is a small Zig library for wrapping sensitive data, like cryptographic keys, secrets, or tokens, and securely erasing it once you’re done.
Zeroing memory is difficult. After a sensitive operation, it’s hard to guarantee no secrets remain on the stack, in registers, or elsewhere in memory. The goal of Zecrecy is to decrease the attack surface by providing an API that encourages minimal scope for sensitive data.
- All secrets are kept on the heap to minimize stack replication
- Memory is automatically zeroed before deallocation
- The design encourages short, well-defined lifetimes for every access (assuming correct memory management).
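As an added illustration of the three principles above (not Zecrecy's own code or API): a hypothetical `Secret` type that copies the key to the heap, hands it out only inside a callback so the borrow cannot outlive the call, and zeroes it with volatile writes before freeing. The `TagOut`/`macWithKey` names and the HMAC demo in `main` are constructed for this example.

```zig
const std = @import("std");

/// Hypothetical wrapper, not Zecrecy's API: heap-only storage, scoped access, zero-on-free.
pub const Secret = struct {
    allocator: std.mem.Allocator,
    bytes: []u8, // lives on the heap; this type never copies it back onto the stack

    /// Copy the caller's buffer to the heap so the caller can zero its own copy right away.
    pub fn init(allocator: std.mem.Allocator, src: []const u8) !Secret {
        const buf = try allocator.alloc(u8, src.len);
        @memcpy(buf, src);
        return .{ .allocator = allocator, .bytes = buf };
    }

    /// Grant read access only inside `f`; the slice is not returned, so it cannot escape.
    pub fn expose(self: *const Secret, ctx: anytype, comptime f: fn (@TypeOf(ctx), []const u8) void) void {
        f(ctx, self.bytes);
    }

    /// Zero before release. Volatile stores keep the optimizer from dropping the "dead" writes.
    pub fn deinit(self: *Secret) void {
        const p: [*]volatile u8 = self.bytes.ptr;
        for (0..self.bytes.len) |i| p[i] = 0;
        self.allocator.free(self.bytes);
        self.* = undefined;
    }
};

// Constructed demo: compute an HMAC tag; the key is only visible inside macWithKey.
const TagOut = struct { tag: *[32]u8 };

fn macWithKey(ctx: TagOut, key: []const u8) void {
    std.crypto.auth.hmac.sha2.HmacSha256.create(ctx.tag, "message", key);
}

pub fn main() !void {
    var gpa = std.heap.GeneralPurposeAllocator(.{}){};
    defer _ = gpa.deinit();
    const allocator = gpa.allocator();

    var key: [32]u8 = undefined;
    std.crypto.random.bytes(&key);
    var secret = try Secret.init(allocator, &key);
    defer secret.deinit(); // zeroed and freed when main returns
    @memset(&key, 0); // drop the stack copy as soon as the heap copy exists

    var tag: [32]u8 = undefined;
    secret.expose(TagOut{ .tag = &tag }, macWithKey);
    std.debug.print("tag: {any}\n", .{tag});
}
```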
This is my first Zig project and I’ve tried to solve the problem the “idiomatic Zig” way. I would love feedback from the community, on both the design and the Zig-specific implementation details.